need ability to ban list names and owners #672
Comments
|
While waiting for this ability to be implemented, you may create the banned lists with listmaster, it will prevent the user to use them, no? |
|
What are you referring to? Is a banned list already implemented somewhere? |
I think such restriction should not prevent use of existing lists, but it should prevent only creation of the new list (including copying or renaming lists). |
Yes. If you don’t want [email protected] to be available, juste create it with your listmaster account, this name will be unavailable for your users, it’s just that. |
How about, for example, restricting list names with regexp? |
Why not? But what do you think about a comma-separated list, allowing to use wildcard character ( As for the owner, I think it will be useless to ban owner names and addresses: spammers will notice that and change their owner name and use another address (I had spammers who did that once they noticed I deleted their lists and accounts quickly). I’ll begin to work on this issue today. |
— Add prohibited_listnames setting (comma-separated list, with ability to use a wildcard) — Add prohibited_listnames_regex setting The settings are cumulative. You can use one or the other or both. May fix sympa-community#672
|
Just a question on @ldidry ‘s pr: Why “prohibited” patterns? For example, the “owner_domain” setting specifies “allowed” patterns. What does distinct between “prohibit” and “allow”? |
|
"prohibit" is basically the opposite of "allow". While regex could be used for "allowed" patterns, it would be harder to write them. |
Indeed. |
|
BTW prohibition (or oppsite) should be done with |
|
Sorry, I forgot this one. I’ll add it. |
— Add prohibited_listnames setting (comma-separated list, with ability to use a wildcard) — Add prohibited_listnames_regex setting The settings are cumulative. You can use one or the other or both. May fix sympa-community#672
— Add prohibited_listnames setting (comma-separated list, with ability to use a wildcard) — Add prohibited_listnames_regex setting The settings are cumulative. You can use one or the other or both. May fix sympa-community#672
|
Here we go! I put the code in |
— Add prohibited_listnames setting (comma-separated list, with ability to use a wildcard) — Add prohibited_listnames_regex setting The settings are cumulative. You can use one or the other or both. May fix sympa-community#672
|
@taggart for the |
|
When I was running my scanner process I would often detect when owners requested a list under one address and then changed it back to their original banned address (or something that matched the regex at least). So it seems even if they use new addresses they tend to follow a pattern. Also as I found other abusers that were clearly the same person, I adjusted the regexs to handle new patterns. I guess the new method will disallow an owner adding a banned address as another owner, that might tip them off. Maybe attempting to add banned owners should be logged in a way that could be looked for with nagios/etc and alert the listmasters that someone tried to add a banned address? |
In operating a public sympa instance that allows anyone to create an account and request a list, we have had a problem with some users creating abusive lists. When we shutdown the list and close the owner account, they just create another, and this happens over and over. The cases we've seen haven't done this for general spam, but seem to usually be on a particular topic. At first they are honest when making the list request, but once we notice the pattern and stop approving those lists, they will lie in the list request and use other email addresses to submit the requests. But then after approval they will rename the list and often set the owner to an address used previously.
A while ago, to combat this problem, we implemented a nagios check that used regular expressions to scan the database and look for listnames and owner addresses that matched the people doing this and then alerted us to the problem. That works, but there wasn't anything automatic to close the list or account.
What would be best is if this could be prevented in sympa, at account and list request creation time and also when renaming lists.
The text was updated successfully, but these errors were encountered: