[Mailman-Users] Fail2ban on the Mailman web interface
Jim Popovitch
jimpop at domainmail.org
Sun Jun 3 13:04:02 EDT 2018
On Sun, 2018-06-03 at 13:52 -0300, Henrique Fagundes wrote:
> Dear Colleagues,
>
> Good afternoon!
>
> I begin by apologizing for the fact that this text is difficult to
> interpret because I am Brazilian and I do not have many English
> language
> skills.
>
> I'm having a hard time using Fail2Ban along with MailMan mailing
> list
> management software.
>
> My idea is that when the attacker / attacker incorrectly enters the
> password of the login field in the web interface, it is blocked. But
> for
> this to work, it is necessary for MailMan to report unsuccessful
> login
> attempts in its log.
>
> I have already checked to see if there is a plugin or extension
> (just
> like it exists for Wordpress and PHPMyAdmin), but it seems like there
> is
> nothing developed for this.
>
> So I would like to know if anyone has ever had the need to do this
> implementation, so I can have some way.
>
> If anyone can help me, I will be very grateful.
Hello,
I use the attached patch for Mailman/Utils.py to log the listname and
remoteIP to the mischief log.
Mark, if you think this should be in the regular release let me know
and I'll submit a merge request.
-Jim P.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1498_1497.diff
Type: text/x-patch
Size: 810 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20180603/daea5abf/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20180603/daea5abf/attachment.sig>
More information about the Mailman-Users
mailing list