<div dir="ltr">Hello folks,<br><br>We have discovered that for the last few weeks our mailman server was used for a spam attack. The attacker would make use of the + feature offered by gmail and hotmail. If you send an email to <a href="mailto:example@hotmail.com">example@hotmail.com</a>, <a href="mailto:example%2Bfoo@hotmail.com">example+foo@hotmail.com</a>, <a href="mailto:example%2Bbar@hotmail.com">example+bar@hotmail.com</a>, it goes to the same inbox. We were constantly hit with requests to subscribe to a few inboxes. These requests overloaded our mail server so much that it gave up. We detected this failure because a postmortem email to <a href="mailto:gluster-infra@gluster.org">gluster-infra@gluster.org</a> bounced. Any emails sent to our mailman server may have been on hold for the last 24 hours or so. They should be processed now as your email provider re-attempts.<br><br>For the moment, we've banned subscribing with an email address with a + in the name. If you are already subscribed to the lists with a + in your email address, you will continue to be able to use the lists.<br><br>We're looking at banning the spam IP addresses from being able to hit the web interface at all. When we have a working alternative, we will look at removing the current ban of using + in address.<br><br>Apologies for the outage and a big shout out to Michael for taking time out of his weekend to debug and fix the issue.<br clear="all"><div><br>-- <br><div class="gmail_signature"><div dir="ltr">nigelb<br></div></div>
</div></div>