How do you find out the account/s involved in Brute Force password events
Question asked by Antony - March 6, 2015 at 8:32 AM
When you have the Abuse detection events configured, how can you find out which domains/users were involved?
The logs seem to record the events, and a search by IP also records the connection/disconnection, but I cannot find out how to ascertain the user account being attacked.
Is this possible?

2 Replies

Make certain your SMTP logs are set to detailed. Check the SMTP logs.
Bruce Barnes
ChicagoNetTech Inc

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist


Web and E-Mail Hosting, E-Mail Security and Consulting
If your logs are set to "Detailed" you can use the search string of "rsp: 535 Authentication failed". Be sure to enable "Display related traffic" 
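
The search described in the replies can also be scripted. The following is an added example, not part of the original thread or the mail server's own tooling: it groups detailed SMTP log lines by session, finds each "rsp: 535 Authentication failed" response, and reports the account named in the related AUTH LOGIN traffic. The line layout, the presence of the client's base64 username in "cmd:" lines, and all function names are assumptions; adjust the regular expression to your actual log.

```python
import base64
import binascii
import re
from collections import Counter, defaultdict

# Assumed line layout: "HH:MM:SS [client-ip][session-id] text"; adapt to your log.
LINE = re.compile(r"^(\S+) \[([^\]]+)\]\[([^\]]+)\] (.*)$")
FAILED = "rsp: 535 Authentication failed"  # search string given in the thread

def b64(text):
    return base64.b64encode(text.encode()).decode()

def unb64(token):
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return "<undecodable>"

# Constructed sample: two interleaved sessions, one failing twice, one succeeding.
SAMPLE_LOG = "\n".join([
    "08:32:01 [203.0.113.7][1001] cmd: AUTH LOGIN",
    "08:32:01 [198.51.100.9][1002] cmd: AUTH LOGIN " + b64("bob@example.org"),
    "08:32:01 [203.0.113.7][1001] rsp: 334 VXNlcm5hbWU6",
    "08:32:02 [203.0.113.7][1001] cmd: " + b64("sales@example.com"),
    "08:32:02 [198.51.100.9][1002] rsp: 235 Authentication successful",
    "08:32:02 [203.0.113.7][1001] rsp: 535 Authentication failed",
    "08:32:03 [203.0.113.7][1001] cmd: AUTH LOGIN " + b64("admin@example.com"),
    "08:32:03 [203.0.113.7][1001] rsp: 535 Authentication failed",
])

def failed_logins(log_text):
    """Count 535 failures per (account, client IP), correlating by session."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            sessions[(m[2], m[3])].append(m[4])
    hits = Counter()
    for (ip, _sid), texts in sessions.items():
        user, waiting = None, False
        for text in texts:
            if text.startswith("cmd: AUTH LOGIN"):
                arg = text[len("cmd: AUTH LOGIN"):].strip()
                user, waiting = (unb64(arg), False) if arg else (None, True)
            elif waiting and text.startswith("cmd: "):
                user, waiting = unb64(text[5:].strip()), False
            elif text.startswith(FAILED):
                hits[(user or "<unknown>", ip)] += 1
                user, waiting = None, False
    return hits
```

Calling `failed_logins(open(path).read()).most_common()` on a log file lists the most frequently targeted accounts first, together with the source IP of each attempt.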
