[Mailman-Users] Limiting number of failed login attempts

Aditya Jain aj at adityaj.in
Sat Oct 3 20:51:24 CEST 2015


Thanks! At the moment I don't have a separate IP for mailman. Therefore
I cannot use fail2ban. But hopefully, a really long password should be
enough to discourage a simple brute force.

Thanks & Regards
Aditya Jain

On Saturday 03 October 2015 06:44 PM, Mark Sapiro wrote:
> On 10/2/15 3:00 PM, Aditya Jain wrote:
>> Is there a way in which I can limit the number of failed login attempts
>> to the archive to prevent a brute force attempt?
> In recent Mailman, both the private CGI and the options CGI return a 401
> Unauthorized status for a failed login. This makes it easy to use
> something like fail2ban to block an IP after a number of failed attempts.
> Also, You can generate more secure passwords by setting
> in mm_cfg.py, and you can make them longer by setting
> MEMBER_PASSWORD_LENGTH = a number > 8.

More information about the Mailman-Users mailing list