Hi... is there any possibility a post with a bad password could return 401 instead of 200... that way fail2ban would automatically block bots that try to hack list manager passwords.
Mark
Mark Hedges wrote:
> Hi... is there any possibility a post with a bad password could return 401 instead of 200... that way fail2ban would automatically block bots that try to hack list manager passwords.
In Mailman/Cgi/Auth.py in the definition of loginpage find
    if msg:
        msg = FontAttr(msg, color='#ff0000', size='+1').Format()
and append
        print '401 Unauthorized\n'
to make it
    if msg:
        msg = FontAttr(msg, color='#ff0000', size='+1').Format()
        print '401 Unauthorized\n'
This is entirely untested, but should work for both failed admin and admindb logins.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Mark Sapiro wrote:
> and append
>         print '401 Unauthorized\n'
> to make it
>     if msg:
>         msg = FontAttr(msg, color='#ff0000', size='+1').Format()
>         print '401 Unauthorized\n'
Actually, that's wrong on two counts. It should be 'Status: 401 Unauthorized' and there should be no newline as print provides one, so make it
    if msg:
        msg = FontAttr(msg, color='#ff0000', size='+1').Format()
        print 'Status: 401 Unauthorized'
> This is entirely untested, but should work for both failed admin and admindb logins.
And it's still untested.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
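The log-side effect of the change discussed above, as an added example that is not part of the thread or of Mailman's code: it applies fail2ban-style counting (the `maxretry` and `findtime` names are borrowed from fail2ban's jail options) to web server access log lines, and shows that the same requests answered with 200 give nothing to match on. It is written in Python 3; the Apache combined log format, the `/mailman/admin` and `/mailman/admindb` URL prefixes, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not real traffic).
# The /mailman/admin and /mailman/admindb URL prefixes are assumed.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "POST /mailman/admin/mylist HTTP/1.1" 401 2311 "-" "bot"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "POST /mailman/admin/mylist HTTP/1.1" 401 2311 "-" "bot"
203.0.113.9 - - [12/Mar/2024:10:00:04 +0000] "POST /mailman/admin/mylist HTTP/1.1" 200 9120 "-" "Mozilla"
198.51.100.7 - - [12/Mar/2024:10:00:05 +0000] "POST /mailman/admindb/mylist HTTP/1.1" 401 2311 "-" "bot"
203.0.113.9 - - [12/Mar/2024:10:01:00 +0000] "POST /mailman/admin/mylist HTTP/1.1" 401 2311 "-" "Mozilla"
198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /mailman/listinfo/mylist HTTP/1.1" 200 5000 "-" "bot"
"""

# Only POSTs to the admin/admindb login URLs are considered.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /mailman/admin(?:db)?/\S* HTTP/[\d.]+" (?P<status>\d{3}) ')


def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return hosts with >= maxretry 401 login responses inside findtime."""
    recent = defaultdict(deque)  # host -> timestamps of its recent 401s
    offenders = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group('status') != '401':
            continue  # a failed login answered with 200 is invisible here
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
        window = recent[m.group('host')]
        window.append(ts)
        # Drop failures that have aged out of the findtime window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and m.group('host') not in offenders:
            offenders.append(m.group('host'))
    return offenders


if __name__ == '__main__':
    print(find_offenders(SAMPLE_LOG))
```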
Hi mailman developers. Another suggestion, apologies if this is already implemented in a newer version... if there is a permission error or other exception thrown which prevents posting, it would be helpful if the process could return a non-zero exit code.
When sendmail pipes to the list through /etc/aliases, if there is a permission problem (like on digest.mbox) the message just disappears without a trace - no post to the list, no bounce to the poster, no archive, nothing except the exception in /var/log/mailman/error and a 'SHUNTING' message. (I have some sysadmin scripts that manage permissions, and there was a bug.)
If a pipe process exits with a positive integer exit code in case of error, sendmail bounces with "554 Service Unavailable" and provides useful logging info. This would be a lot more informative than having the mail vanish into thin air.
Thanks!
Mark
Participants (2): Mark Hedges, Mark Sapiro