[Mailman-Users] Limiting number of failed login attempts

Mark Sapiro mark at msapiro.net
Sat Oct 3 15:14:43 CEST 2015

On 10/2/15 3:00 PM, Aditya Jain wrote:
> Is there a way in which I can limit the number of failed login attempts
> to the archive to prevent a brute force attempt?

In recent Mailman, both the private CGI and the options CGI return a 401
Unauthorized status for a failed login. This makes it easy to use
something like fail2ban to block an IP after a number of failed attempts.

Also, You can generate more secure passwords by setting


in mm_cfg.py, and you can make them longer by setting

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list