Admin and client login on different ports

[sagelike]

Hi there,

Both admin/root login and client Spam report links use the same 8006 port which is less secure.

Would it not make more sense to put client Spam reports and access on port 443 and admin port on 8006? Having both on the same port requires me to open it up to ALL which means hackers can hack away at the admin/root login. I like to keep admin blocked to all except our office IPs.

This change would make PMG a more secure and seems like a relatively simple change to make.

Thanks
G

 

[t.lamprecht]

Hi,

I mean, better safe than sorry and that, but with a 3 second forced pause on failed login one cannot really bruteforce anything but the simplest passwords - and additional option could be using fail2ban. The following guide is for Proxmox VE, but should be really similar for Proxmox Mailgateway: https://pve.proxmox.com/wiki/Fail2ban

Additionally you could disable the root@pam user for the API login, and use another user with the "Administrator" role for daily admin tasks. If really required to login as root@pam again you can re-enable it over ssh (or do the stuff which needed to be root over ssh).

That said, you could put a reverse proxy (like nginx) in front of the quarantine and set the port for rendering the link in the user facing reports:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector_quarantine

This would be the closest to what you request here.

This change would make PMG a more secure and seems like a relatively simple change to make.

It would need to either instantiate a extra http server just for that, or do some magic port binding and rejecting of requests depending on which port they come in, makes things more ugly and less efficient, which we would like to avoid; especially if there are workarounds for reducing the attack surface.

 

[sagelike]

Thanks for your explanation. Makes sense.