Back to Community Threads
How do you find out the account/s involved in Brute Force password events
Question asked by Antony - 3/6/2015 at 8:32 AM
Unanswered
When you have the Abuse detection events configured how can you find out which domains/ users were involved?
The logs seem to record the events and also search by IP records the connection/ disconnection but I cannot find out how to ascertain the user account being attacked.
Is this possible?
Bruce Barnes Replied
3/8/2015 at 2:08 AM
Make certain your SMTP logs are set to detailed. Check the SMTP logs.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
Scarab Replied
3/9/2015 at 11:55 AM
If your logs are set to "Detailed" you can use the search string of "rsp: 535 Authentication failed". Be sure to enable "Display related traffic" 
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Google Safe Browsing Warning and SmarterMailSmarterMail > Troubleshooting
Find a Compromised AccountSmarterMail > Troubleshooting
Reset Administrator Username and PasswordSmarterMail > Installation and Configuration
Legal Holds and LitigationSmarterMail > Installation and Configuration