
Hi... is there any possibility a post with a bad password could return 401 instead of 200... that way fail2ban would automatically block bots that try to hack list manager passwords.
Mark

Mark Hedges wrote:
> Hi... is there any possibility a post with a bad password could return 401 instead of 200... that way fail2ban would automatically block bots that try to hack list manager passwords.
In Mailman/Cgi/Auth.py in the definition of loginpage find
    if msg:
        msg = FontAttr(msg, color='#ff0000', size='+1').Format()
and append
        print '401 Unauthorized\n'
to make it
    if msg:
        msg = FontAttr(msg, color='#ff0000', size='+1').Format()
        print '401 Unauthorized\n'
This is entirely untested, but should work for both failed admin and admindb logins.

Mark Sapiro wrote:
> and append
>         print '401 Unauthorized\n'
> to make it
>     if msg:
>         msg = FontAttr(msg, color='#ff0000', size='+1').Format()
>         print '401 Unauthorized\n'
Actually, that's wrong on two counts. It should be 'Status: 401 Unauthorized' and there should be no newline as print provides one, so make it
    if msg:
        msg = FontAttr(msg, color='#ff0000', size='+1').Format()
        print 'Status: 401 Unauthorized'
> This is entirely untested, but should work for both failed admin and admindb logins.
And it's still untested.
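
The detection this thread is after, as an added example that is not part of the original posts or of Mailman's code: a fail2ban-style counter over web server access logs, which only has something to count once failed logins return 401 instead of 200. The Apache combined log format, the /mailman/admin and /mailman/admindb URL paths, the maxretry/findtime thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumed URL layout for the admin and admindb login pages.
LOGIN_PATH_RE = re.compile(r'^/mailman/(?:admin|admindb)(?:[/?]|$)')


def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Map each client IP to the time it reached maxretry 401s within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m['method'] != 'POST' or m['status'] != '401':
            continue              # unparsable, not a POST, or not a failure
        if not LOGIN_PATH_RE.match(m['path']):
            continue              # 401 from some other part of the site
        when = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        window = recent[m['host']]
        window.append(when)
        while when - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.setdefault(m['host'], when)
    return banned


# Constructed sample log: documentation IP ranges and a hypothetical list name.
SAMPLE_LOG = [
    '192.0.2.9 - - [12/Mar/2024:09:00:00 +0000] "POST /mailman/admin/test-list HTTP/1.1" 401 2310 "-" "-"',
    '192.0.2.9 - - [12/Mar/2024:09:30:00 +0000] "POST /mailman/admin/test-list HTTP/1.1" 401 2310 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /mailman/admin/test-list HTTP/1.1" 401 2310 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /mailman/admin/test-list HTTP/1.1" 401 2310 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:00:30 +0000] "POST /mailman/admin/test-list HTTP/1.1" 401 2310 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:00:50 +0000] "POST /mailman/admin/test-list HTTP/1.1" 200 9120 "-" "-"',
    '192.0.2.44 - - [12/Mar/2024:10:01:00 +0000] "GET /mailman/listinfo/test-list HTTP/1.1" 200 4100 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:01:10 +0000] "POST /mailman/admindb/test-list HTTP/1.1" 401 2310 "-" "-"',
    '192.0.2.9 - - [12/Mar/2024:10:02:00 +0000] "POST /mailman/admin/test-list HTTP/1.1" 401 2310 "-" "-"',
]

if __name__ == '__main__':
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(ip, 'reached the failure threshold at', when.isoformat())
```

If the same log is replayed with every 401 rewritten to 200, which is what the unpatched login page returns, nothing is flagged: failed and successful logins look identical in the access log.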

Hi mailman developers. Another suggestion, apologies if this is already implemented in a newer version... if there is a permission error or other exception thrown which prevents posting, it would be helpful if the process could return a non-zero exit code.
When sendmail pipes to the list through /etc/aliases, if there is a permission problem (like on digest.mbox) the message just disappears without a trace - no post to the list, no bounce to the poster, no archive, nothing except the exception in /var/log/mailman/error and a 'SHUNTING' message. (I have some sysadmin scripts that manage permissions, and there was a bug.)
If a pipe process exits with a positive integer exit code in case of error, sendmail bounces with "554 Service Unavailable" and provides useful logging info. This would be a lot more informative than having the mail vanish into thin air.
Thanks!
Mark