Quoting Rich Kulawiec (rsk@gsp.org):
> On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote:
> > Brute Force attempts can only be mitigated by e.g. fail2ban.
>
> Nope. There are other ways.
>
> Brute force attacks can be pre-emptively blocked by nearly everyone operating a Mailman instance. (I say "nearly" for specific reasons that will become clear below.)

Great writeup. This is exactly how I've had my firewall configured for some time, with the drop/edrop and country block lists. I monitor for break-in attempts and add country blocks as needed... it's interesting that this seems to be somewhat cyclical in my experience, in that one month 80% of my brute force attacks are from Turkey, then the next month it shifts to Brazil (as examples, but I have both of these countries blocked now).