On 06/03/2018 09:52 AM, Henrique Fagundes wrote:
> 
> My idea is that when the attacker / attacker incorrectly enters the
> password of the login field in the web interface, it is blocked. But for
> this to work, it is necessary for MailMan to report unsuccessful login
> attempts in its log.


Mailman reports all authentication failures to the web server with a 401
status. Here are some typical messages from the Apache access log.

45.24.217.241 - - [03/Jun/2018:15:41:23 -0700] "POST /mailman/options/LISTNAME HTTP/1.1" 401 4532 "https://www.example.com/mailman/options/LISTNAME" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

45.24.217.241 - - [03/Jun/2018:15:40:46 -0700] "POST /mailman/admindb/LISTNAME HTTP/1.1" 401 2715 "https://www.example.com/mailman/admindb/LISTNAME" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

You should be able to recognize those with fail2ban without any
modification to Mailman's logging.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
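
The matching described in the message above, as an added example that is not part of the original post or of Mailman or fail2ban: a fail2ban-style pattern for 401 responses to Mailman login POSTs, applied with a retry threshold over a constructed access log. The pattern, the extra "admin" and "private" paths, the thresholds and the helper names are assumptions of this example; counting only POST requests is also a choice made here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed pattern: a POST to a Mailman CGI login page answered with 401.
# In a fail2ban filter the (?P<host>...) group would be written <HOST>.
# "admin" and "private" are added beside the two paths quoted in the thread.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /mailman/(?:admin|admindb|options|private)(?:/\S*)? HTTP/[\d.]+" 401 '
)

def hosts_to_ban(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return hosts with >= maxretry matching failures inside findtime."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

def _line(host, hhmmss, method, path, status):
    return (f'{host} - - [03/Jun/2018:{hhmmss} -0700] "{method} {path} HTTP/1.1" '
            f'{status} 4532 "https://www.example.com{path}" "Mozilla/5.0"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = [
    _line("192.0.2.50", "15:00:00", "POST", "/mailman/admin/LISTNAME", 401),
    _line("192.0.2.50", "15:20:00", "POST", "/mailman/admin/LISTNAME", 401),
    _line("192.0.2.50", "15:40:00", "POST", "/mailman/admin/LISTNAME", 401),
    _line("203.0.113.7", "15:40:46", "POST", "/mailman/admindb/LISTNAME", 401),
    _line("203.0.113.7", "15:41:23", "POST", "/mailman/options/LISTNAME", 401),
    _line("198.51.100.20", "15:41:30", "POST", "/mailman/options/LISTNAME", 401),
    _line("198.51.100.20", "15:41:40", "POST", "/mailman/options/LISTNAME", 200),
    _line("203.0.113.7", "15:42:05", "POST", "/mailman/admindb/LISTNAME", 401),
    _line("192.0.2.99", "15:43:00", "GET", "/mailman/admin/LISTNAME", 401),
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

Only the host with three failures inside ten minutes is returned; the host whose three failures are spread over forty minutes and the host with a single mistyped password are not.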
