[Mailman-Users] Fail2ban on the Mailman web interface

Mark Sapiro mark at msapiro.net
Sun Jun 3 18:53:09 EDT 2018

On 06/03/2018 09:52 AM, Henrique Fagundes wrote:
> My idea is that when the attacker / attacker incorrectly enters the
> password of the login field in the web interface, it is blocked. But for
> this to work, it is necessary for MailMan to report unsuccessful login
> attempts in its log.

Mailman reports all authentication failures to the web server with a 401
status. Here are some typical messages from the Apache access log. - - [03/Jun/2018:15:41:23 -0700] "POST
/mailman/options/LISTNAME HTTP/1.1" 401 4532
"https://www.example.com/mailman/options/LISTNAME" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" - - [03/Jun/2018:15:40:46 -0700] "POST
/mailman/admindb/LISTNAME HTTP/1.1" 401 2715
"https://www.example.com/mailman/admindb/LISTNAME" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

You should be able to recognize those with fail2ban without any
modification to Mailman's logging.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list