On Sun, 2018-06-03 at 13:52 -0300, Henrique Fagundes wrote:
> Dear Colleagues,
> 
> Good afternoon!
> 
> I begin by apologizing for the fact that this text is difficult to
> interpret because I am Brazilian and I do not have many English language
> skills.
>
> I'm having a hard time using Fail2Ban along with MailMan mailing list
> management software.
>
> My idea is that when the attacker / attacker incorrectly enters the
> password of the login field in the web interface, it is blocked. But for
> this to work, it is necessary for MailMan to report unsuccessful login
> attempts in its log.
>
> I have already checked to see if there is a plugin or extension (just
> like it exists for Wordpress and PHPMyAdmin), but it seems like there is
> nothing developed for this.
>
> So I would like to know if anyone has ever had the need to do this
> implementation, so I can have some way.
> 
> If anyone can help me, I will be very grateful.

Hello,

I use the attached patch for Mailman/Utils.py to log the listname and
remoteIP to the mischief log.

Mark, if you think this should be in the regular release let me know
and I'll submit a merge request.

-Jim P.

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2015-09-17 17:11:08 +0000
+++ Mailman/Utils.py	2015-10-20 13:36:09 +0000
@@ -104,7 +104,11 @@
     # But first ensure the list name doesn't contain a path traversal
     # attack.
     if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
-        syslog('mischief', 'Hostile listname: %s', listname)
+        remote = os.environ.get('HTTP_FORWARDED_FOR',
+                 os.environ.get('HTTP_X_FORWARDED_FOR',
+                 os.environ.get('REMOTE_ADDR',
+                                'unidentified origin')))
+        syslog('mischief', 'Hostile listname: listname=%s remote=%s', listname, remote)
         return False
     basepath = Site.get_listpath(listname)
     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
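
Review bot: The `remote` lookup on the added lines prefers HTTP_FORWARDED_FOR and HTTP_X_FORWARDED_FOR over REMOTE_ADDR, and both are taken from client-supplied request headers, so unless every request passes through a proxy that overwrites them, the sender chooses the address written to the mischief log and a ban rule keyed on remote= acts on a value the client picked. Suggest logging REMOTE_ADDR as its own field and the forwarded value separately (for example `remote=%s forwarded=%s`), or consulting the forwarded headers only when REMOTE_ADDR is a known proxy. The forwarded value can also be a comma-separated list, and it is written unquoted after listname, which is itself the rejected input, so a log consumer cannot split the two fields reliably; formatting both with `%r` would help. The new syslog line also runs past 79 columns.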

Attachment: signature.asc
Description: This is a digitally signed message part
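
The log line written by the patch above is what an IP-banning tool such as Fail2Ban would have to match. The following Python is an added example, not part of the original message or of Mailman: it extracts a bannable address from lines in the patched format. The function names, the timestamp/pid prefix of the sample lines, and the single trusted proxy that appends to X-Forwarded-For are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message format from the patch: 'Hostile listname: listname=%s remote=%s'.
# listname is the rejected (hostile) input, so it is matched greedily: the
# field boundary is the LAST " remote=" on the line, not the first.
LINE_RE = re.compile(
    r"Hostile listname: listname=(?P<listname>.*) remote=(?P<remote>.*)$")


def remote_ip(line):
    """Return the logged remote as a normalized IP string, or None."""
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    # A forwarded header may hold "client, proxy1, ...". Assumption: exactly
    # one trusted proxy appends the peer it saw, so only the rightmost entry
    # was not chosen by the client.
    candidate = m.group("remote").split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        # 'unidentified origin' or a non-address header value: nothing to ban.
        return None


def offenders(lines, threshold=3):
    """Addresses seen at least `threshold` times, sorted."""
    counts = Counter(ip for ip in map(remote_ip, lines) if ip)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


# Constructed sample lines (prefix format is an assumption, not from the page).
P = "Jun 03 13:52:01 2018 (1234) Hostile listname: "
SAMPLE = [
    P + "listname=../../etc remote=203.0.113.7",
    P + "listname=a remote=198.51.100.9 remote=203.0.113.7",  # fake field in listname
    P + "listname=x;y remote=192.0.2.1, 203.0.113.7",         # forwarded list
    P + "listname=bad/name remote=unidentified origin",
    P + "listname=bad remote=not-an-ip",
    P + "listname=z remote=2001:DB8::1",
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Syntactic validation only guarantees that the value is an address; without a proxy that overwrites the forwarded headers, the value is still whatever the client sent.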
