Subject: Re: [SurgeMail List] atrn and port 366 Plus logging admin password fails
To: surgemail-list@netwin.co.nz
References: <7b24b0fb-52a1-4963-6509-33304190e0a7@lcrcomputer.info>
From: Surgemail Support
Message-ID: <a6d6f4a7-37f7-1fad-70ec-a95c0ee576f7@netwinsite.com>
Date: Thu, 26 Mar 2020 13:44:48 +1300
On 26/03/2020 10:39 am, Lyle Giese wrote:
> I have an instance of Surgemail installed on a virtual server at
> Linode. I have most stuff turned off and the attack surface seems to
> be small but missing a couple of details.
>
>
> I see I have a listener open on TCP 366. From what I have found this
> is for atrn (I know what atrn is and have used it in the past) but I
> don't see a switch to turn that off to drop that listener.
>
g_atrn_port "disabled"
>
> The other thing I have not looked at in detail is failed logins to the
> admin interface to Surgemail. I don't know where those are logged so
> I can at least monitor hacker failures trying to break in on that
> interface. Any pointers would be appreciated.
>
Good question. Admin interface failed logins are not logged currently;
I'll address that in the next build. Successful admin actions are logged
in 'admin_yyyymm.rec' log files.
I recommend setting:
g_admin_ip "safe.ip.addresses.*,other.address"
to keep the system secure.
ChrisP.
>
> Thanks,
>
> Lyle Giese
>
> LCR Computer Services, Inc.
>
>
--
p.s. We'd love a link from your website to our new domain: https://surgemail.com if/when u have time.
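
To confirm that the port 366 listener is gone after the `g_atrn_port` change in the reply above, the following added example (not part of the original message and not SurgeMail code) audits TCP listeners against an allowlist. It assumes a Linux host with iproute2 `ss`; the function names, the sample input and the allowlist of ports 22 and 25 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SurgeMail code): report TCP listeners that are not on an
# allowlist, e.g. to confirm port 366 is closed after g_atrn_port "disabled".
# Assumes Linux with iproute2. Live use:
#   ss -ltnH | unexpected_listeners 22 25

# Constructed sample of `ss -ltnH` output
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:366 0.0.0.0:*
LISTEN 0 100 [::]:366 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
EOF
}

# stdin: `ss -ltnH` output; args: ports that are expected to be listening.
# stdout: "port address scope" for every listener not on the allowlist,
# sorted by port. scope is "loopback" or "exposed".
unexpected_listeners() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        $1 == "LISTEN" {
            addr = $4
            port = addr
            sub(/.*:/, "", port)            # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (index(allowed, " " port " ") == 0) {
                scope = (host ~ /^(127\.|\[::1\])/) ? "loopback" : "exposed"
                print port, host, scope
            }
        }' | LC_ALL=C sort -n
}

# Demo on the constructed sample; 22 and 25 are a hypothetical allowlist.
sample_ss_output | unexpected_listeners 22 25
```

An empty result means every listener is on the allowlist; any "exposed" line for port 366 means the ATRN listener is still open.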