1 Topic by m.krzaczek

  • m.krzaczek
  • Member
  • Offline
  • Registered: 2010-08-25
  • Posts: 66

Topic: how to check who was logging

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====
Maybe it's too simple questions, but I want to know what is the best practice to chceck
- who was logging to mail system, who tried to log without password or wrong password, etc   - I check /var/log/maillog
- I don't use /var/openldap/iredapd.log - there are only info who sent email ...
- in this file openldap.log, which is the best level to see attempts with bad passwords

To sum up, I'd like to know how you check  who tried to log to mail... It is difficult to search in /var/log/maillog ...

thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,163

Re: how to check who was logging

m.krzaczek wrote:

- who was logging to mail system

Check /var/log/dovecot.log.

m.krzaczek wrote:

who tried to log without password or wrong password, etc   - I check /var/log/maillog

Check /var/log/maillog for smtp user, check /var/log/dovecot.log for POP3/IMAP user.

Just curious, may i know why you need this info and what do you want to do with this info?
Fail2ban will scan log files and ban client IP address if there're too many password failures from them.