mirror of
https://github.com/axllent/mailpit.git
synced 2026-04-26 08:45:54 +03:00
[GH-ISSUE #250] Unable to access documentation website #164
Originally created by @axelgenus on GitHub (Feb 23, 2024).
Original GitHub issue: https://github.com/axllent/mailpit/issues/250
I am trying to access the website and the documentation but I receive a message stating that 87% of connections from your network have been flagged as abusive. Now, "my network" is actually my entire ISP network and I really can't control what other users do. Is it possible to make the documentation available with the source code, on the GH Wiki or somewhere else?
@axllent commented on GitHub (Feb 23, 2024):
Sorry for the inconvenience @axelgenus. Firstly yes, your connection was flagged on the server by the WAF (web application firewall) due to a high percentage ratio of reported (AbuseIPDB, StopForumSpam etc) abusive connections originating from your network. In addition to that, your browser also failed 3 automatic reCAPTCHA attempts which led to the temporary block.
Without any details I can only guess the approximate time and your IP address (I'm assuming 95.110.181.xxx), but from what I can tell your connection appears to be originating from the aruba.it network? If so, then this does not appear to be a regular ISP, but rather a VPS & website hosting company which also offers fibre internet. Unfortunately (for you and them), there is no way to distinguish between the two, and they obviously either host abusing services (eg: customer VPS servers), or abusive clients using their fibre - there is no way to tell.
Originally the documentation was hosted on the GH wiki, but this was extremely limited and not user friendly at all, so I set up the Mailpit website instead. The website code itself is not a public repository as it requires a specific CI build & deployment process which is not public.
The best option I can think of is to use the Wayback Machine for a historical (and a bit out of date) copy of the website.
I hope this helps?
@axelgenus commented on GitHub (Feb 24, 2024):
Yes, my ISP offers miscellaneous Internet-related services. I can understand the whole point about security, but it looks a bit too harsh to block all IPs owned by an ISP.
About my browser failing “automatic reCAPTCHA”, what do you mean exactly? I have a DNS block list on my firewall, can it be the cause of that?
Anyways, I managed to access the website from my remote office VM.
@axllent commented on GitHub (Feb 24, 2024):
In all fairness you weren't actually immediately "blocked", your browser was challenged using an "invisible reCAPTCHA". It would appear your DNS blocking likely prevented your browser from actually doing the challenge successfully, and so it failed the test.
Again, I am really sorry you had this issue, but this is a rather extreme edge-case (you being on a network with such a high reported abuse score AND blocking/hindering the functionality which is there to provide a way through for "humans"). I deal a lot with internet security, and the percentage of malicious website traffic is scary. There is always the risk of some collateral damage (false positives), but at the same time the WAF blocks the vast majority of bad actors before they even hit the websites that sit behind the WAF. The "percentage bad actors" method that blocked you is only one of several tests done per request, per connection, but it does work well as a first line of defence.
I'm glad you managed to find a work-around though ;-)
@edubacco commented on GitHub (Apr 29, 2025):
Same problem here, and I have the ISP "aruba.it".
I can see the doc via my mobile connection or via the Wayback Machine, but I agree with axelgenus that blocking all IPs owned by an ISP is too restrictive.
I've been using aruba for about a year now, and I spend online at least 8h / day; this is the first time something like this happens to me.
@axllent commented on GitHub (Apr 30, 2025):
Hi @edubacco. I am sorry to hear you have difficulties accessing the site. The website does sit behind a fairly advanced Web Application Firewall, but like all WAFs, it can at times be a fairly blunt tool especially considering the ever-increasing abusive behavior and growing networks used in targeted attacks. In regards to aruba.it (Aruba S.p.A.), this is a very abusive network with over 90% of all connections coming from this provider being reported online for abusive behavior.
Unfortunately for you, it appears Aruba both provide hosting services as well as consumer internet (if I understand you correctly?) so you got grouped into a general assumption that anything originating from this network is "evil".
I have modified the associated firewall rules to be less blunt in future, and it should only block all access from IPs from abusive networks which have been specifically reported. Assuming your IP is one of the IPv6 IPs from this network (the only range that has not been reported) then you should have access again now.
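The two rule styles discussed in this thread, sketched as an added example (not the maintainer's WAF configuration or code from the Mailpit project): a network-wide ratio rule with a challenge fallback, next to a rule that blocks only specifically reported addresses. The threshold, verdict names, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation address ranges (not real reputation data).
NETWORK_ABUSE_RATIO = {
    ipaddress.ip_network("203.0.113.0/24"): 0.90,
    ipaddress.ip_network("2001:db8::/32"): 0.90,
}
REPORTED_IPS = {ipaddress.ip_address("203.0.113.7")}

RATIO_THRESHOLD = 0.80      # assumed cut-off; the thread does not give the WAF's value
MAX_FAILED_CHALLENGES = 3   # the thread mentions three failed reCAPTCHA attempts


def network_ratio(ip):
    """Reported-abuse ratio of the network containing ip (0.0 if unknown)."""
    return next((r for net, r in NETWORK_ABUSE_RATIO.items() if ip in net), 0.0)


def network_policy(ip_str, failed_challenges=0):
    """Network-wide rule: challenge everyone on a high-ratio network."""
    ip = ipaddress.ip_address(ip_str)
    if network_ratio(ip) < RATIO_THRESHOLD:
        return "allow"
    if failed_challenges >= MAX_FAILED_CHALLENGES:
        return "temp_block"
    return "challenge"


def reported_ip_policy(ip_str):
    """Narrower rule: block only reported addresses on a high-ratio network."""
    ip = ipaddress.ip_address(ip_str)
    if network_ratio(ip) >= RATIO_THRESHOLD and ip in REPORTED_IPS:
        return "block"
    return "allow"


def compare(clients):
    """Return {ip: (network_policy verdict, reported_ip_policy verdict)}."""
    return {ip: (network_policy(ip, fails), reported_ip_policy(ip))
            for ip, fails in clients}


# Constructed clients: (address, failed challenge count).
CLIENTS = [
    ("203.0.113.7", 0),    # specifically reported address
    ("203.0.113.50", 3),   # clean address whose DNS blocklist breaks the challenge
    ("2001:db8::1", 0),    # clean IPv6 address on the same provider
    ("198.51.100.4", 0),   # unrelated network with no reports
]

if __name__ == "__main__":
    for ip, verdicts in compare(CLIENTS).items():
        print(ip, *verdicts)
```

The second client is the false positive described in the thread: a clean address that ends up temporarily blocked under the network-wide rule because the challenge cannot complete.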
@edubacco commented on GitHub (Apr 30, 2025):
Hey @axllent, thanks for your response!
I understand your concern about security, and I wasn't aware of the statistics about the abusing behaviour of connections coming from aruba.it. I will keep this in mind in future.
I confirm that Aruba provides consumer internet (at least here in Italy). Thanks for updating your firewall rules, now I'm able to access the documentation. Me and all other Italian developers will be happy using your excellent Mailpit project :)