[Mailman-Users] Limiting number of failed login attempts

Mark Sapiro mark at msapiro.net
Sun Oct 4 03:58:21 CEST 2015

On 10/3/15 11:51 AM, Aditya Jain wrote:
> Thanks! At the moment I don't have a separate IP for mailman. Therefore
> I cannot use fail2ban. But hopefully, a really long password should be
> enough to discourage a simple brute force.

I'm not sure if you understand fail2ban. See

fail2ban runs on (in this case) the machine on which Mailman's web
interface runs. It monitors the web server logs and looks for (in this
case) a minimum number of 401 errors within a given time window from a
single IP and if found uses iptables or similar to block access from
that IP for a defined time.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list