X-Git-Url: https://git.ralfj.de/web.git/blobdiff_plain/a84c03aaa616d8e3de75d581954d8af45afe6464..c00fca4e0107673ce66185625dadbb8c3c48ed09:/personal/_posts/2018-06-02-mailman-subscription-spam.md?ds=inline diff --git a/personal/_posts/2018-06-02-mailman-subscription-spam.md b/personal/_posts/2018-06-02-mailman-subscription-spam.md index 3c29d1f..e8d557c 100644 --- a/personal/_posts/2018-06-02-mailman-subscription-spam.md +++ b/personal/_posts/2018-06-02-mailman-subscription-spam.md @@ -45,9 +45,10 @@ have found my servers so far are much less patient than that, just setting spam. So, if you are reading this and running a Mailman installation: **Please set -`SUBSCRIBE_FORM_SECRET` and protect your setup against abuse!** Just run `pwgen -16` to get some random string, and then add `SUBSCRIBE_FORM_SECRET = ""` to `/etc/mailman/mm_cfg.py`. It's really that simple! Just a +`SUBSCRIBE_FORM_SECRET` and protect your setup against abuse!** Just run +`openssl rand -base64 18` to get some random string, and then add +`SUBSCRIBE_FORM_SECRET = ""` to `/etc/mailman/mm_cfg.py`. +It's really that simple! Just a [four-line patch in my Ansible playbook](https://git.ralfj.de/ansible.git/commitdiff/937b170594be82e500ae726dc47de8ca9ef3dfcf) to get this rolled out to all servers. Note that you need to be at least on Mailman 2.1.16 for this to work; all currently supported versions of Debian come