I have an instance of Surgemail installed on a virtual server at 
Linode.  I have most stuff turned off and the attack surface seems to be 
small  but missing a couple of details.


I see I have a listener open on TCP 366.  From what I have found this is 
for atrn( I know what atrn is and have used it in the past) but I don't 
see a switch to turn that off to drop that listener.


The other thing I have not looked at in detail is failed logins to the 
admin interface to Surgemail.  I don't know where those are logged so I 
can at least monitor hacker failures trying to break in on that 
interface.  Any pointers would be appreciated.


Thanks,

Lyle Giese

LCR Computer Services, Inc.