How do you find out the account/s involved in Brute Force password events
Question asked by Antony - 3/6/2015 at 8:32 AM
Unanswered
When you have the Abuse detection events configured, how can you find out which domains/users were involved?
The logs seem to record the events and also search by IP records the connection/disconnection but I cannot find out how to ascertain the user account being attacked.
Is this possible?
Bruce Barnes Replied
Make certain your SMTP logs are set to detailed. Check the SMTP logs.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Scarab Replied
If your logs are set to "Detailed" you can use the search string of "rsp: 535 Authentication failed". Be sure to enable "Display related traffic".
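The search described in the reply above can also be run offline over an exported detailed SMTP log. The script below is an added example, not part of the thread or of any product: it groups lines per connection (the "related traffic"), finds each "rsp: 535 Authentication failed", and decodes the base64 account name sent after the AUTH LOGIN username prompt. The line layout (`time [IP][session] cmd:/rsp: text`), the sample addresses and all function names are assumptions, so adjust the regular expression to your server's actual log format.

```python
import base64
import re
from collections import Counter, defaultdict

# Assumed line layout (not taken from the thread): time [client IP][session id] cmd:/rsp: text
LINE = re.compile(r"^\S+ \[(?P<ip>[^\]]+)\]\[(?P<sid>[^\]]+)\] (?P<dir>cmd|rsp): (?P<text>.*)$")

def b64(text):
    return base64.b64encode(text.encode()).decode()

USER_PROMPT = "334 " + b64("Username:")  # AUTH LOGIN prompt for the account name

def decode_user(token):
    """Decode the base64 account name; the value is client-supplied, so never trust it."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace").lower()
    except ValueError:
        return "<undecodable>"

def failed_auth_accounts(lines):
    """Count '535 Authentication failed' responses per (account, client IP)."""
    sessions = defaultdict(list)  # the "related traffic" of each connection
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            sessions[(m["ip"], m["sid"])].append((m["dir"], m["text"]))
    hits = Counter()
    for (ip, _sid), events in sessions.items():
        user, expect_user = None, False
        for direction, text in events:
            if direction == "rsp" and text == USER_PROMPT:
                expect_user = True
            elif direction == "cmd" and expect_user:
                user, expect_user = decode_user(text), False
            elif direction == "rsp" and text.startswith("535 Authentication failed"):
                hits[(user or "<unknown>", ip)] += 1
                user = None
    return hits

def sample_session(ip, sid, user, ok):
    """Build constructed log lines for one AUTH LOGIN attempt."""
    result = "235 Authentication successful" if ok else "535 Authentication failed"
    steps = ["cmd: AUTH LOGIN", "rsp: " + USER_PROMPT, "cmd: " + b64(user),
             "rsp: 334 " + b64("Password:"), "rsp: " + result]
    return [f"08:32:00 [{ip}][{sid}] {step}" for step in steps]

SAMPLE_LOG = (sample_session("203.0.113.7", "4411", "sales@example.test", False)
              + sample_session("203.0.113.7", "4412", "sales@example.test", False)
              + sample_session("198.51.100.9", "4413", "info@example.test", False)
              + sample_session("192.0.2.10", "4414", "user@example.test", True))

if __name__ == "__main__":
    for (account, ip), count in failed_auth_accounts(SAMPLE_LOG).most_common():
        print(f"{count:3d} failed logins for {account} from {ip}")
```

Only AUTH LOGIN is handled here; AUTH PLAIN carries the account name inside a single base64 blob and would need its own branch.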
