[Mailman-Users] Fail2ban on the Mailman web interface

Jim Popovitch jimpop at domainmail.org
Sun Jun 3 13:04:02 EDT 2018

On Sun, 2018-06-03 at 13:52 -0300, Henrique Fagundes wrote:
> Dear Colleagues,
> Good afternoon!
> I begin by apologizing for the fact that this text is difficult to 
> interpret because I am Brazilian and I do not have many English
> language 
> skills.
> I'm having a hard time using Fail2Ban along with MailMan mailing
> list 
> management software.
> My idea is that when the attacker / attacker incorrectly enters the 
> password of the login field in the web interface, it is blocked. But
> for 
> this to work, it is necessary for MailMan to report unsuccessful
> login 
> attempts in its log.
> I have already checked to see if there is a plugin or extension
> (just 
> like it exists for Wordpress and PHPMyAdmin), but it seems like there
> is 
> nothing developed for this.
> So I would like to know if anyone has ever had the need to do this 
> implementation, so I can have some way.
> If anyone can help me, I will be very grateful.


I use the attached patch for Mailman/Utils.py to log the listname and
remoteIP to the mischief log.

Mark, if you think this should be in the regular release let me know
and I'll submit a merge request.

-Jim P.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1498_1497.diff
Type: text/x-patch
Size: 810 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20180603/daea5abf/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20180603/daea5abf/attachment.sig>

More information about the Mailman-Users mailing list