Paul Tomblin via Mailman-users writes:
I've got my server set up correctly (I hope) and on an https connection, and I *think* I've got it set up so mailman-web will only respond on localhost:8000, but I occasionally get a flood of emails like this:
Internal Server Error: /admin/login/
DoesNotExist at /admin/login/ Site matching query does not exist.
The HTTP_X_FORWARDED_FOR was a clue where it was coming from, and grepping through my apache access logs shows a script kiddie at 185.177.72.38 hammering a miliion urls, 99% of them 404s.
I recommend that you firewall that source IP into oblivion, even if you suppress the emails. Since it's getting to Python, you're spending a lot of cycles even if you return a response rather than reporting to owner.
Is there any way the code could just return a 403 or 418 instead of getting a python error?
If you're willing to suppress the email for *all* HTTP 5xx errors, you probably can do that in settings.py with
LOGGING["loggers"]["django"]["handlers"].remove("mail_admins")
Since you're getting an email, the error was handled. That means this behavior is intentional, but I can't say whether the intention was "we can't be bothered right now" or "we must do that because ...". The URL in question is a generic Django view so Mailman is not going to want to change it (we'd be forking Django internals). You'd have to ask the Django developers. Django channels would also probably be the best place to ask if there's a specific configuration option to suppress or aggregate the emails.
-- GNU Mailman consultant (installation, migration, customization) Sirius Open Source https://www.siriusopensource.com/ Software systems consulting in Europe, North America, and Japan