Hello Mark, and thanks for answering!
Can you get the page at /mailman3/postorius/lists/ and /mailman3/ postorius/lists/?all-lists
Yes, those are OK.
If those are OK, look in your web server access logs for
GET /mailman3/ postorius/lists/messages with the same timestamp as those errors. Is there some bogus query fragment on those?
Yes, there are strange-looking long queries there at the times when these errors happen.
Here is an example of what such a request URL looks like, where I have replaced some parts with [...] to avoid including anything sensitive:
I looked up the IP address that those requests come from (all seem to come from the same IP address) and that corresponds to a hostname called something with "scanner" that looks like it belongs to some cybersecurity company. There are also many other requests from that same IP address, including things like "GET /file://etc/passwd" and similar, so it looks like someone is bombarding us with various weird requests as a form of "scanning" where they are trying to find vulnerabilities. That could also explain why we see those "Internal Server Error" errors recurring every day, if they run that vulnerability scan daily.
So maybe those strange request URLs that lead to the error messages "[Django] ERROR (EXTERNAL IP): Internal Server Error" that we are seeing, are constructed by someone who is actively trying to trigger bugs.
But anyway, no matter what strange request URL comes in, I guess the "Internal Server Error" indicates something going wrong in Mailman or in Django, a bug in how the request is processed?
/ Elias