Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Stephen J. Turnbull 
tlhackque via Mailman-Users writes:

 > I'm not sure what you are looking for.

I'm looking for anything that will help block swaths of Chinese
spammers and possibly attacks, while allowing me to do a better job of
serving students vacationing at home in China than treating them the
way the Chinese government does.  A unicorn, or failing that, a pony.

 > There are a number of geolocating services that attempt to turn IP
 > addresses into specific locations; for example maxmind offers a series
 > of databases of increasing precision for increasing prices (starting
 > with free).

I'll try their free offering.  Thank you!

 > But the problem is that unless you know exactly where your users (and
 > potential users) are located, this won't help.  Do you have a list of
 > cities?  Streets?

I can frequently get down to the street level for valid users, yes, at
least after first contact.

 > What you probably want is to identify the specific bad actors;

No, I want to identify good actors and block the rest.  The problem
I've had in the past is that I can't depend on static IPs because I'm
dealing with people using telephones, mostly.

 > As previously noted, fail2ban is one reactive means of dealing with
 > these - it reads log files and dynamically blocks IP addresses that
 > generate errors.  It can be resource intensive, especially if you want a
 > reasonably fast reaction time.  And specifying bad behavior is somewhat
 > of an art.

I wouldn't call it art, but a few years ago I had a 1MB .procmailrc. :-)

 > One option is to provide a website for registering your users, then
 > allow them access via some convenient token.

I'm not sure what you're suggesting.  That's what is being attacked
here.

 > Or provide a VPN (with just your web or email server as an
 > endpoint).

I believe the Chinese have outlawed VPNs, I assume they allow TLS
still, though, given the size of ecommerce there.

 > Or use X.509 client authentication  - note that you can use this
 > with your mailserver.

That's an interesting idea, but again my users will be mostly using
phones, so I don't think this will work with mail very well, and I'm
not sure how to set that up on a phone.

 > For this purpose, you want your own CA for X.509.

Sure.

 > However, if you're trying to attract people who don't know if they
 > are interested, the cost of connecting with you would probably turn
 > many away.

The prospect of graduate study outside of China seems to be a strong
motivator so far.  We'll see if it interests people in conforming to
practices that increase my security.

Interesting thoughts, anyway.

Steve


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] 'from' header at delivered email from inside / outside organization

2018-04-19 Thread Stephen J. Turnbull 
Mark Sapiro writes:
 > On 04/19/2018 03:17 AM, kan...@yamachu-tokachi.co.jp wrote:

 > > Expected behavior:
 > > 
 > > a. When a sender is outside of our organization (abc.co.jp), the
 > > received mail should show original sender's email address at 'from' header.
 > > b. When a sender is inside of our organization and receiver is outside
 > > of our organization, the received mail should show ML address
 > > (a...@ml.abc.co.jp  ) at 'from' header.
 > 
 > 
 > This can't be done in Mailman without source code modification.
 > The mods would not be difficult nor extensive, but this can't be done
 > with configuration alone.

Besides what Mark says, it looks to me like you're describing a
customer relations application.  "Mailman Banzai!" and all that, but
Mailman is not designed as a CRM, and hard to tune to be one.

If a CRM is what you want, I'm sure there are dedicated applications
with more of the features you need.  I'm sorry I don't have any
concrete suggestions, I don't use or need CRMs.

Steve

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] 'from' header at delivered email from inside / outside organization

2018-04-19 Thread Mark Sapiro 
On 04/19/2018 03:17 AM, kan...@yamachu-tokachi.co.jp wrote:
> 
> Does anyone know how to configure mailman to achieve expected behavior?
> 
>  
> 
> Expected behavior:
> 
> a.When a sender is outside of our organization (abc.co.jp), the
> received mail should show original sender's email address at 'from' header.
> b.When a sender is inside of our organization and receiver is outside
> of our organization, the received mail should show ML address
> (a...@ml.abc.co.jp  ) at 'from' header.


This can't be done in Mailman without source code modification.

You would have to modify Mailman's SMTPDirect.py module to always set

deliveryfunc = verpdeliver

and then modify verpdeliver itself to look at the sender and recipient
and if the sender is local and the recipient remote, replace the From:

The mods would not be difficult nor extensive, but this can't be done
with configuration alone.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Fwd: Mailman not sending mail???

2018-04-19 Thread Mark Sapiro 
On 04/19/2018 10:09 AM, Jon Clements wrote:
> This seems to be happening in smtp-failure log when the problem started
> ...??? And the failure log appears to be ongoing...
> 
> JC
> 
> Apr 05 01:07:46 2018 (210) delivery to j...@dickiebros.com failed with code
> -1: Connection unexpectedly closed
...


Sometimes Mailman and the underlying Python smtplib module can get out
of sync with each other or the MTA.

Usually, this can be fixed by restarting Mailman.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] 'from' header at delivered email from inside / outside organization

2018-04-19 Thread Grant Taylor via Mailman-Users 

On 04/19/2018 04:17 AM, kan...@yamachu-tokachi.co.jp wrote:

Hello Mailman experts,


I'm not an expert, but I've got questions.

I created a mailing list (i.e. a...@ml.abc.co.jp) with mailman in our 
organization.


I don't think it matters, but I want to make sure I'm not assuming 
anything incorrectly.


It looks like your Mailman list is configured in a sub-domain of your 
copmpanies main domain.  I'm assuming that means that email for the 
mailing list is routed to the server hosting Mailman independent of your 
main email server.  Correct?



Does anyone know how to configure mailman to achieve expected behavior?

Expected behavior:

a.	When a sender is outside of our organization (abc.co.jp), the 
received mail should show original sender's email address at 'from' 
header.


Okay.  No from header modification.

b.	When a sender is inside of our organization and receiver is 
outside of our organization, the received mail should show ML address 
(a...@ml.abc.co.jp) at 'from' header.


What from address should receivers inside the organization see from 
senders also inside the organization?  Do they need to see the real 
internal from header?  Or is it okay that they see the mailing list address?


If it's okay that internal recipients see the mailing list instead of 
the actaul internal senders, then the problem can likely be simplified 
to be "internal senders should have their from address rewritten to the 
mailing list address."


I want to know sender's email address if it's from outside our 
organization but do not want disclose employees' email address in our 
organization when they send emails to outside our organization.


This almost sounds like an MTA masquerading issue.  I don't know if 
mailman can help with this or not.  Especially if it's supposed to 
conditionally happen based on the sender and the recipient.




--
Grant. . . .
unix || die

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] 'from' header at delivered email from inside / outside organization

2018-04-19 Thread kaneko 
Hello Mailman experts,

 

I created a mailing list (i.e. a...@ml.abc.co.jp  )
with mailman in our organization.

Does anyone know how to configure mailman to achieve expected behavior?

 

Expected behavior:

a.  When a sender is outside of our organization (abc.co.jp), the
received mail should show original sender's email address at 'from' header.
b.  When a sender is inside of our organization and receiver is outside
of our organization, the received mail should show ML address
(a...@ml.abc.co.jp  ) at 'from' header.

 

I want to know sender's email address if it's from outside our organization
but do not want disclose employees' email address in our organization when
they send emails to outside our organization.

 

Thanks,

Toshi Kaneko

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread ddewey 
Quoting Rich Kulawiec (r...@gsp.org):

> On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote:
> > Brute Force attempts can only be mitigated by e.g. fail2ban.
> 
> Nope.  There are other ways.
> 
> Brute force attacks can be pre-emptively blocked by nearly everyone
> operating a Mailman instance.  (I say "nearly" for specific reasons
> that will become clear below.)

Great writeup. This is exactly how I've had my firewall configured for
some time, with the drop/edrop and country block lists. I monitor for
breakin attempts and add country blocks as needed... it's interesting
that this seems to be somewhat cyclical in my experience, in that one
month 80% of my brute force attacks are from Turkey, then the next
month it shifts to Brazil (as examples, but I have both of these
countries blocked now).
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Lindsay Haisley 
On Thu, 2018-04-19 at 10:08 -0700, Natu wrote:
> On 04/17/2018 08:27 PM, Carl Zwanzig wrote:
> > On 4/17/2018 7:20 AM, Rich Kulawiec wrote:
> >> I stood up a new server last fall with *no* valid ssh access and logged
> >> about 750,000 attempts in a month.   Similar patterns.
> >
> > There's a reason I don't put sshd on port 22; moving it elsewhere and
> > blackhole-ing 22 cut the auth log tremendously.
> >
> > (
> 
> If you have no users logging in remotely or if users are technical
> enough, consider using fwknop for ssh and other services.  I also use
> openvpn or openvpn with fwknop to access the vpn.  I've found fwknop to
> be rock solid, and I've never had even a single attack on services that
> use fwknop.  http://www.cipherdyne.org/fwknop/

Once again, do yourself a favor and check out fail2ban. It's in use on
my company's server and works wonders on stopping brute force attacks
on ALL services affected.

-- 
Lindsay Haisley   | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1190  |
http://www.fmp.com| -- Hiram W Johnson

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Natu 
On 04/17/2018 08:27 PM, Carl Zwanzig wrote:
> On 4/17/2018 7:20 AM, Rich Kulawiec wrote:
>> I stood up a new server last fall with *no* valid ssh access and logged
>> about 750,000 attempts in a month.   Similar patterns.
>
> There's a reason I don't put sshd on port 22; moving it elsewhere and
> blackhole-ing 22 cut the auth log tremendously.
>
> (

If you have no users logging in remotely or if users are technical
enough, consider using fwknop for ssh and other services.  I also use
openvpn or openvpn with fwknop to access the vpn.  I've found fwknop to
be rock solid, and I've never had even a single attack on services that
use fwknop.  http://www.cipherdyne.org/fwknop/

Natu

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Fwd: Mailman not sending mail???

2018-04-19 Thread Jon Clements 
This seems to be happening in smtp-failure log when the problem started
...??? And the failure log appears to be ongoing...

JC

Apr 05 01:07:46 2018 (210) delivery to j...@dickiebros.com failed with code
-1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to cortla...@icloud.com failed with
code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to t...@cornell.edu failed with code
-1: Connection unexpectedly closed: [Errno 54] Connection reset by peer

Apr 05 01:07:46 2018 (210) delivery to fina...@chibardun.net failed with
code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to gpull...@greatamericanpublish.com
failed with code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to da...@applelanefarm.com failed with
code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to rollinsorcha...@gmail.com failed
with code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to pippm...@yahoo.com failed with code
-1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to gbmo...@gmail.com failed with code
-1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to sin...@psis.umass.edu failed with
code -1: Connection unexpectedly closed: [Errno 54] Connection reset by peer

Apr 05 01:07:46 2018 (210) delivery to thelittlefar...@rocketmail.com
failed with code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to marion.mur...@usu.edu failed with
code -1: Connection unexpectedly closed: [Errno 54] Connection reset by peer

Apr 05 01:07:46 2018 (210) delivery to appleman.maur...@gmail.com failed
with code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to bdspa...@meistermedia.com failed
with code -1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to wincowg...@mac.com failed with code
-1: Connection unexpectedly closed

Apr 05 01:07:46 2018 (210) delivery to george.brin...@nf.sympatico.ca
failed with code -1: Connection unexpectedly closed: [Errno 54] Connection
reset by peer


On Thu, Apr 19, 2018 at 9:03 AM, mailman-admin <
mailman-ad...@uni-konstanz.de> wrote:

> Am 19.04.2018 um 13:16 schrieb Jon Clements:
> > Hi, my Mailman seems to have stopped sending mail. Posts to a list(s) are
> > not going anywhere, nor for example, subscribe notifications, etc. are
> not
> > going out. It seems to be receiving mail as pending moderator requests
> are
> > there. Webadmin seems to be working normally (except for not sending mail
> > when requested). Where do I start looking? Sorry, not very technically
> > proficient, it's a wonder I got it (Mailman v. 2.1.20) up and running a
> > couple years ago on Mac OS 10.10.5 (using Server v. 5.0.15) but it has
> been
> > running great since then (until now). I will say there was quite a bit of
> > spam coming in before the problem started, and I stopped Mail service (on
> > Server) for about a day to hopefully make it go away, and then the
> Mailman
> > sending problem cropped up after I re-started Mail service (I think).
> > Local/normal Mail accounts seem to be working fine.
> >
> > Appreciate any help you can give me...
> >
>
> I had a died OutgoingRunner a couple of times.
> Check if all mailman processes are still running.
> If not restart mailman.
>
>
> Kind regards
> Christian Mack
>
>
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/ma
> ilman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/jon.
> clements%40umass.edu
>



-- 
JMCEXTMAN (aka Jon Clements)
413.478.7219 Verizon
413.378.3068 Project Fi
UMass Cold Spring Orchard
393 Sabin Street
Belchertown, MA  01007
http://umassfruit.com



-- 
Jon Clements
aka 'Mr Honeycrisp'
University of Massachusetts Amherst Extension
UMass Cold Spring Orchard
393 Sabin St.
Belchertown, MA  01007
413-478-7219 Verizon
413-378-3068 Project Fi
umassfruit.com
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread tlhackque via Mailman-Users 
On 19-Apr-18 02:46, Stephen J. Turnbull wrote:
> So here's my problem.  A lot of my constituency resides in CN,
> occasionally including people at frequently problematic domains like
> 163.com.  Do you know any resources (or keywords to start googling
> even!) at subnational levels?  KR and CN breakdowns would be most
> useful to me; breakdowns for RU and former USSR would be appreciated
> by many of my colleagues.
>
I'm not sure what you are looking for.

Blocking by geography is a very crude tool - it turns out to be useful
in that many hosts serve limited geographies, and it's pretty easy to
identify countries that generate a lot of "bad" traffic.  E.g. RU & CN
are widely believed to support intrusions by (pseudo/)government actors,
and rarely prosecute. 

As you discovered, below that level, you need to use other tools.

There are a number of geolocating services that attempt to turn IP
addresses into specific locations; for example maxmind offers a series
of databases of increasing precision for increasing prices (starting
with free).

You can use these databases with your webserver (e.g. apache mod_geoip)
and name server (BIND for sure).  There is also a GeoIP module for
iptables.  (I use (and maintain) BlockCountries because it is more
flexible and easier to use. YMMV).

But the problem is that unless you know exactly where your users (and
potential users) are located, this won't help.  Do you have a list of
cities?  Streets?  I don't think that the criminal element has easily
identifiable geographies.

What you probably want is to identify the specific bad actors; for that
the spamhaus and other "block lists" ("RBL") are helpful.  Most of these
are distributed via DNS - which means that they aren't practical for
firewalls.  You can configure your email server (e.g. sendmail/postfix)
to use them.  But this happens inside your firewall.  These lists are
fairly well curated, but certainly aren't perfect.

As previously noted, fail2ban is one reactive means of dealing with
these - it reads log files and dynamically blocks IP addresses that
generate errors.  It can be resource intensive, especially if you want a
reasonably fast reaction time.  And specifying bad behavior is somewhat
of an art.

One option is to provide a website for registering your users, then
allow them access via some convenient token.    A Captcha will help to
reduce fraudulent registrations.  E.g., if they have a static IP
address, register that.  Or provide a VPN (with just your web or email
server as an endpoint).  Or use X.509 client authentication  - note that
you can use this with your mailserver.  For this purpose, you want your
own CA for X.509.  You can revoke abused tokens.  If your community is
small (or willing to pay), you can look at hardware tokens, such a yubikey.

That will work if you have a reasonably sized community - and people
really want to use your service.  However, if you're trying to attract
people who don't know if they are interested, the cost of connecting
with you would probably turn many away.

It's a balancing act, and your business (community, etc) needs will
determine what is best for you.

Note that I'm not exclusively endorsing any of the products/services
mentioned - there are alternatives, and you need to evaluate what each
offers against your needs.

Unfortunately, there's no universal answer.

Good luck.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Mailman not sending mail???

2018-04-19 Thread Keith Seyffarth 
mailman-admin  writes:

> I had a died OutgoingRunner a couple of times.
> Check if all mailman processes are still running.
> If not restart mailman.

I run into this frequently on my CentOS machine. If mailman isn't
running and it won't restart, check the log files and wherever the PID
and lock files are being stored to make sure Mailman can write its
files. Some system upgrades appear to "fix" the ownership and
permissions on these directories preventing some processes from being
able to write their logs or PIDs. This will prevent mailman from
sending.

Keith

-- 

from my mac to yours...

Keith Seyffarth
mailto:w...@weif.net
http://www.weif.net/ - Home of the First Tank Guide!
http://www.rpgcalendar.net/ - the Montana Role-Playing Calendar

http://www.miscon.org/ - Montana's Longest Running Science Fiction Convention
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Mailman not sending mail???

2018-04-19 Thread mailman-admin 
Am 19.04.2018 um 13:16 schrieb Jon Clements:
> Hi, my Mailman seems to have stopped sending mail. Posts to a list(s) are
> not going anywhere, nor for example, subscribe notifications, etc. are not
> going out. It seems to be receiving mail as pending moderator requests are
> there. Webadmin seems to be working normally (except for not sending mail
> when requested). Where do I start looking? Sorry, not very technically
> proficient, it's a wonder I got it (Mailman v. 2.1.20) up and running a
> couple years ago on Mac OS 10.10.5 (using Server v. 5.0.15) but it has been
> running great since then (until now). I will say there was quite a bit of
> spam coming in before the problem started, and I stopped Mail service (on
> Server) for about a day to hopefully make it go away, and then the Mailman
> sending problem cropped up after I re-started Mail service (I think).
> Local/normal Mail accounts seem to be working fine.
> 
> Appreciate any help you can give me...
> 

I had a died OutgoingRunner a couple of times.
Check if all mailman processes are still running.
If not restart mailman.


Kind regards
Christian Mack


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Mailman not sending mail???

2018-04-19 Thread Jon Clements 
Hi, my Mailman seems to have stopped sending mail. Posts to a list(s) are
not going anywhere, nor for example, subscribe notifications, etc. are not
going out. It seems to be receiving mail as pending moderator requests are
there. Webadmin seems to be working normally (except for not sending mail
when requested). Where do I start looking? Sorry, not very technically
proficient, it's a wonder I got it (Mailman v. 2.1.20) up and running a
couple years ago on Mac OS 10.10.5 (using Server v. 5.0.15) but it has been
running great since then (until now). I will say there was quite a bit of
spam coming in before the problem started, and I stopped Mail service (on
Server) for about a day to hopefully make it go away, and then the Mailman
sending problem cropped up after I re-started Mail service (I think).
Local/normal Mail accounts seem to be working fine.

Appreciate any help you can give me...

Jon


-- 
Jon Clements
aka 'Mr Honeycrisp'
University of Massachusetts Amherst Extension
UMass Cold Spring Orchard
393 Sabin St.
Belchertown, MA  01007
413-478-7219 Verizon
413-378-3068 Project Fi
umassfruit.com
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Stephen J. Turnbull 
Rich Kulawiec writes:

 > Brute force attacks can be pre-emptively blocked by nearly everyone
 > operating a Mailman instance.  (I say "nearly" for specific reasons
 > that will become clear below.)

Nice summary!

 > 3. The next step depends on the intended audience for your mailing
 > lists.

So here's my problem.  A lot of my constituency resides in CN,
occasionally including people at frequently problematic domains like
163.com.  Do you know any resources (or keywords to start googling
even!) at subnational levels?  KR and CN breakdowns would be most
useful to me; breakdowns for RU and former USSR would be appreciated
by many of my colleagues.

 > Hint: if you watch your logs long enough and pay attention to what's
 > in them, you'll probably notice that many attack patterns are localized.

This is helpful regardless of whether there are subnational
breakdowns.  I got the point the first time! :-)

Regards,
Steve

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org