5 files changed, 19 insertions, 3 deletions

diff --git a/Mailman/Cgi/create.py b/Mailman/Cgi/create.py
index ebb211ae..d72e6967 100644
--- a/Mailman/Cgi/create.py
+++ b/Mailman/Cgi/create.py
@@ -162,6 +162,13 @@ def process_request(doc, cgidata):
         if not ok:
             ok = Utils.check_global_password(auth)
     if not ok:
+        remote = os.environ.get('HTTP_FORWARDED_FOR',
+                 os.environ.get('HTTP_X_FORWARDED_FOR',
+                 os.environ.get('REMOTE_ADDR',
+                                'unidentified origin')))
+        syslog('security',
+               'Authorization failed (create): list=%s: remote=%s',
+               listname, remote)
         request_creation(
             doc, cgidata,
             _('You are not authorized to create new mailing lists'))
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 34a7718e..3a3b7841 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -296,7 +296,7 @@ def main():
                      os.environ.get('REMOTE_ADDR',
                                     'unidentified origin')))
             syslog('security',
-                 'Authorization failed (private): user=%s: list=%s: remote=%s',
+                 'Authorization failed (options): user=%s: list=%s: remote=%s',
                    user, listname, remote)
             # So as not to allow membership leakage, prompt for the email
             # address and the password here.
diff --git a/Mailman/Cgi/rmlist.py b/Mailman/Cgi/rmlist.py
index 4472c1c5..4c37a15d 100644
--- a/Mailman/Cgi/rmlist.py
+++ b/Mailman/Cgi/rmlist.py
@@ -127,6 +127,13 @@ def process_request(doc, cgidata, mlist):
                            mm_cfg.AuthListAdmin,
                            mm_cfg.AuthSiteAdmin),
                           password) == mm_cfg.UnAuthorized:
+        remote = os.environ.get('HTTP_FORWARDED_FOR',
+                 os.environ.get('HTTP_X_FORWARDED_FOR',
+                 os.environ.get('REMOTE_ADDR',
+                                'unidentified origin')))
+        syslog('security',
+               'Authorization failed (rmlist): list=%s: remote=%s',
+               mlist.internal_name(), remote)
         request_deletion(
             doc, mlist,
             _('You are not authorized to delete this mailing list'))
diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py
index abf87e08..eddd697b 100644
--- a/Mailman/Cgi/roster.py
+++ b/Mailman/Cgi/roster.py
@@ -123,8 +123,8 @@ def main():
                  os.environ.get('REMOTE_ADDR',
                                 'unidentified origin')))
         syslog('security',
-               'Authorization failed (roster): list=%s: remote=%s',
-               listname, remote)
+               'Authorization failed (roster): user=%s: list=%s: remote=%s',
+               addr, listname, remote)
         return
 
     # The document and its language
diff --git a/NEWS b/NEWS
index 2d9bfa68..cfca39a2 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,8 @@ Here is a history of user visible changes to Mailman.
     - Added bounce recognition for a non-compliant opensmtpd DSN with
       Action: error.  (LP: #1805137)
 
+    - Corrected and augmented some security log messages.  (LP: #1810098)
+
 2.1.29 (24-Jul-2018)
 
   Bug Fixes