On 04/16/2018 07:46 AM, Lindsay Haisley wrote:
A related question would be whether there's any way to correlate failed web UI login attempts with IP addresses. It doesn't appear that at present Mailman 2 logs failed web UI attempts at all, although I may be missing something.
Mailman responds to invalid login attempts from the admin, admindb, options and private CGIs with a 401 Unauthorized status. These are (or should be) logged by the web server along with the IP address and other info.
In addition, if a list's membership is private, i.e. available only to members or the admin, failed attempts to log in to the options page or obtain a password reminder are logged by Mailman in the mischief log, but only login failures have the IP address.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan