> one of the sites that I run majordomo (1.94.3 on one, and 1.94.4 on the
> other) seems to be egtting hit his mass-subscribes. No, not the type where
> a lot of people are subscribed, but rather where 1 person attempts to join
> all the lists at a site.
Are they coming from telmex.net.mx (I don't mean the From line, I mean
the host sending them-- look at syslog)? Somebody's been abusing over
100 majordomo sites including us. We are seeing about 200 individual
separate messages per victim, taking about 15 minutes start to finish.
Some are subscribe messages and some are "help". Three addresses at
apc.org have been hit, and four others, from March 12 to 18.
All our lists are either closed or open+confirm, so impact is limited
to one reply per message, but 200 in still is 200 out, and if the perp
is doing this at over 100 sites as I was told by apc.org's postmaster,
that's a lot of mail. He says many lists elsewhere were set to open or
I just saw more this morning, but for the first time not from
telmex.net.mx. And I think some of this morning's were probes to see
what IPs we have blocked (we got all of telmex.net.mx's dialups) in
preparation for more. I'm going to study them shortly.
Joseph Brennan Postmaster Academic Information Systems
Columbia University in the City of New York