Hi, Thanks! At the moment I don't have a separate IP for mailman. Therefore I cannot use fail2ban. But hopefully, a really long password should be enough to discourage a simple brute force.
Thanks & Regards
Aditya Jain

On Saturday 03 October 2015 06:44 PM, Mark Sapiro wrote:
> On 10/2/15 3:00 PM, Aditya Jain wrote:
>> Is there a way in which I can limit the number of failed login attempts
>> to the archive to prevent a brute force attempt?
>
> In recent Mailman, both the private CGI and the options CGI return a 401
> Unauthorized status for a failed login. This makes it easy to use
> something like fail2ban to block an IP after a number of failed attempts.
>
> Also, you can generate more secure passwords by setting
>
> USER_FRIENDLY_PASSWORDS = No
>
> in mm_cfg.py, and you can make them longer by setting
> MEMBER_PASSWORD_LENGTH = a number > 8.
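The 401 status on failed logins mentioned in the quoted reply can also be watched directly in the web server log. The following is an added example, not part of the original messages and not Mailman or fail2ban code: it counts 401 responses from the private and options CGIs per client IP in a sliding window. The combined log format, the /mailman/private and /mailman/options URL prefixes, the threshold, the window and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed: "combined" access log format, Mailman CGIs served under /mailman/.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH_RE = re.compile(r'^/mailman/(?:private|options)(?:/|$)')

def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time the threshold was first crossed} for clients with at
    least max_failures 401 responses from the private/options CGIs inside
    any sliding window of the given length."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401s
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401" or not LOGIN_PATH_RE.match(m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

# Constructed sample lines (documentation IP ranges, hypothetical list name).
SAMPLE_LOG = [
    f'203.0.113.7 - - [03/Oct/2015:18:00:{s:02d} +0000] '
    f'"POST /mailman/private/examplelist/ HTTP/1.1" 401 1532 "-" "curl/7.43"'
    for s in range(0, 30, 5)  # six failures in 25 seconds
] + [
    # One mistyped password followed by a success: stays below the threshold.
    '198.51.100.20 - - [03/Oct/2015:18:01:00 +0000] '
    '"POST /mailman/options/examplelist HTTP/1.1" 401 1490 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [03/Oct/2015:18:01:20 +0000] '
    '"POST /mailman/options/examplelist HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    # A 401 from an unrelated path is ignored.
    '192.0.2.9 - - [03/Oct/2015:18:02:00 +0000] "GET /admin HTTP/1.1" 401 300 "-" "-"',
]

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

Because it only reads the log, this gives visibility into guessing attempts even on a host where blocking by IP is not an option.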
