On 26/03/2020 10:39 am, Lyle Giese wrote:
> I have an instance of Surgemail installed on a virtual server at
> Linode. I have most stuff turned off and the attack surface seems to
> be small but missing a couple of details.
>
>
> I see I have a listener open on TCP 366. From what I have found this
> is for atrn (I know what atrn is and have used it in the past) but I
> don't see a switch to turn that off to drop that listener.
>

g_atrn_port "disabled"

> The other thing I have not looked at in detail is failed logins to the
> admin interface to Surgemail. I don't know where those are logged so
> I can at least monitor hacker failures trying to break in on that
> interface. Any pointers would be appreciated.
>

Good question, admin interface failed logins are not logged currently, I'll address that in the next build. Successful admin actions are logged in 'admin_yyyymm.rec' log files.

I recommend setting:

g_admin_ip "safe.ip.addresses.*,other.address"

to keep the system secure.

ChrisP.

>
> Thanks,
>
> Lyle Giese
>
> LCR Computer Services, Inc.
>
>

--
p.s. We'd love a link from your website to our new domain: https://surgemail.com if/when u have time.
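Added example, not part of the original message and not SurgeMail's own tooling: a small audit that checks a configuration text for the two settings named in the reply and probes whether TCP 366 still accepts connections. The sample configuration is constructed, and two behaviours are assumptions: that the last occurrence of a setting wins, and that a bare `*` entry in g_admin_ip would match every address.

```python
import re
import socket

# Constructed sample in the `g_name "value"` form shown in the reply above.
SAMPLE_CONFIG = (
    'g_atrn_port "disabled"\n'
    'g_admin_ip "192.0.2.*,198.51.100.7"\n'
)

SETTING_RE = re.compile(r'^\s*(g_\w+)\s+"([^"]*)"')


def parse_settings(text):
    """Return {name: [values]} for every `g_name "value"` line, in file order."""
    settings = {}
    for line in text.splitlines():
        match = SETTING_RE.match(line)
        if match:
            settings.setdefault(match.group(1), []).append(match.group(2))
    return settings


def audit(text):
    """Return a list of findings; an empty list means both settings are in place."""
    settings = parse_settings(text)
    findings = []
    # Assumption: when a setting is repeated, the last occurrence is the effective one.
    if settings.get("g_atrn_port", [None])[-1] != "disabled":
        findings.append('g_atrn_port is not "disabled"; the TCP 366 listener may remain')
    admin = settings.get("g_admin_ip")
    if not admin:
        findings.append("g_admin_ip is not set; the recommended restriction is missing")
    else:
        for entry in admin[-1].split(","):
            # Assumption: an empty or all-wildcard entry matches any source address.
            if entry.strip() in ("", "*", "*.*.*.*"):
                findings.append(f"g_admin_ip entry {entry!r} matches any address")
    return findings


def port_open(host, port=366, timeout=2.0):
    """True if a TCP connect to host:port succeeds, i.e. a listener is still present."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `audit()` on the server's configuration text after the change, and call `port_open()` from a host outside the server to confirm the listener is gone.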