How do you find out the account/s involved in Brute Force password events
Question asked by Antony - March 6, 2015 at 8:32 AM
Unanswered
When you have the Abuse detection events configured, how can you find out which domains/users were involved?
The logs seem to record the events, and search by IP also records the connection/disconnection, but I cannot find out how to ascertain the user account being attacked.
Is this possible?

2 Replies

Bruce Barnes Replied
March 8, 2015 at 2:08 AM
Make certain your SMTP logs are set to detailed. Check the SMTP logs.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Scarab Replied
March 9, 2015 at 11:55 AM
If your logs are set to "Detailed" you can use the search string of "rsp: 535 Authentication failed". Be sure to enable "Display related traffic".
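
Added example, not part of the thread and not the mail server's own tooling: a script that does the same correlation offline, grouping detailed SMTP log lines by session and reporting which account each "535 Authentication failed" reply belongs to. The line layout, the sample sessions, and the assumption that the client's base64 username line is logged as a `cmd:` entry during AUTH LOGIN are all constructed for illustration.

```python
import base64
import re
from collections import Counter

# Assumed line layout (constructed for this example; adjust the regex to your logs):
#   HH:MM:SS [client-ip][session-id] cmd: <client line>  or  rsp: <server reply>
LINE = re.compile(r"^\S+ \[(?P<ip>[^\]]+)\]\[(?P<sid>[^\]]+)\] (?P<dir>cmd|rsp): (?P<text>.*)$")
USERNAME_PROMPT = "334 VXNlcm5hbWU6"    # AUTH LOGIN prompt, base64 of "Username:"
FAILED = "535 Authentication failed"    # search string from the reply above


def session(ip, sid, user, final):
    """Build constructed log lines for one AUTH LOGIN attempt (sample data only)."""
    p = f"08:32:00 [{ip}][{sid}]"
    user_b64 = base64.b64encode(user.encode()).decode()
    return [f"{p} cmd: AUTH LOGIN", f"{p} rsp: {USERNAME_PROMPT}",
            f"{p} cmd: {user_b64}", f"{p} rsp: 334 UGFzc3dvcmQ6", f"{p} rsp: {final}"]


SAMPLE_LOG = (session("203.0.113.7", "1001", "sales@example.test", FAILED)
              + session("203.0.113.7", "1002", "sales@example.test", FAILED)
              + session("198.51.100.9", "1003", "admin@example.test", FAILED)
              + session("192.0.2.10", "1004", "bob@example.test", "235 Authentication successful"))


def failed_logins(lines):
    """Count failed logins per (username, client IP), correlating by session."""
    pending = {}   # (ip, session) -> None while awaiting the username, then the username
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        key, text = (m["ip"], m["sid"]), m["text"].strip()
        if m["dir"] == "rsp" and text.startswith(USERNAME_PROMPT):
            pending[key] = None                      # next cmd carries the username
        elif m["dir"] == "cmd" and key in pending and pending[key] is None:
            try:
                pending[key] = base64.b64decode(text, validate=True).decode("utf-8", "replace")
            except ValueError:
                pending[key] = "<undecodable>"
        elif m["dir"] == "rsp" and text.startswith("235"):
            pending.pop(key, None)                   # successful login, not an attack hit
        elif m["dir"] == "rsp" and text.startswith(FAILED):
            hits[(pending.pop(key, None) or "<unknown>", m["ip"])] += 1
    return hits


if __name__ == "__main__":
    for (user, ip), n in failed_logins(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {user}  from {ip}")
```

Sorting the result by count shows which mailboxes are being targeted and from which addresses; failures on mechanisms other than AUTH LOGIN show up as `<unknown>` unless the parser is extended for them.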
