[Mailman-Users] How do I run 2.x mailman more securely?

incoming-pythonlists at rjl.com incoming-pythonlists at rjl.com
Thu May 31 13:42:48 EDT 2018

On 05/31/2018 09:52 AM, Mark Sapiro wrote:
> On 05/31/2018 08:10 AM, Carl Zwanzig wrote:
>>> 3.       Can user passwords be eliminated and have the list
>>> administrator make any user adjustments which should not be necessary?
>> At a great loss of utility, sure. This would require a code change.
> The code changes to do it right would not be simple.

Depending on where your users are coming from, it might be easier to
limit access to the GUI using a firewall.  What I do, is to run the
mailman GUI on a non-standard https port.  I then create webserver URL
rewrites that redirect url access to that port.  I use my firewall
(IPTABLES), to control who can access the GUI.  If all of your users
come from a LAN inside an office, you can easily restrict access to only
those on the LAN.  I've also used thing like GEOIP, and other tools to
limit access to specific countries or specific geographic areas or
specific service providers.  Alot of attacks come from outside countries
and limiting access substantially reduces attacks on my servers.

You could also require users to use a VPN or fwknop in order to access
the GUI.  This is easy if your users already access your site over a VPN.


More information about the Mailman-Users mailing list