Mail.log in webpanel


#1

MIAB is awesome. But for me it could be even better with one (I believe) small improvement in webpanel. Would it be possible to download or view mail.log through webpanel?

I believe one of the greatest advantages of running an own mail server is the access to mail.log. There are tonns of interesting info. Just because of security my root user is disabled. That means when I want to download mail.log I have to ssh login, enable root user, download mail.log, disable root. What is everything but user-friendly.

I believe this would be just a slight change and it would be so great (not just) for me. Is it possible?


#2

What I have done is to install Webmin. I can then access the logs through it. Webmin does not conflict with MiaB in any way as it uses its own web server.


#3

I see. But Webmin is a little bit overkill when just one functionality is needed. But thanks for the tip.


#4

Agreed … but I do use it for other things as well. :slight_smile:


#5

Just for fun I installed pflogsumm. Interesting.


#6

I have a feeling this was done for security reasons.

There are only two ways I can access logs on my server–SSH or through my VPS provider’s control panel. But for simplicity, Let’s only consider SSH.

SSH is very secure, and is specifically intended for Linux system administration. A web browser is not intended for system administration, and is more vulnerable, as you use it to browse cat videos, potential questionable sites, and mail-in-a-box. It is more likely, out of all the things people use web browsers for, that it is vulnerable and will be hacked.

However, SSH, people are intentionally secure with every move. Some people passphrase their SSH keys, which reduces convenience, but improves security. Mail-in-a-Box conveniently has an option to permanently sign in administrators, making the web interface less secure than an SSH interface.

On the other hand, they are just logs. There is no administration performed with logs, it’s just data that is potentially sensitive. No actions performed, just a view-only thing.


#7

Exactly, just for reading. Actually I can imagine scenarios when it could contain sensitive data. But the security beyond login should be sufficient.


#8

Anything is possible if someone codes it. :slight_smile:


#9

Try ssh-agent and keychain to avoid typing your passphrase every time you make a connection.
Multi Factor Authentication (MFA) for MaiB’s admin section would be a good thing. Don’t think it is a trivial thing to do however.