Find failed connection attempts in Log files for ActiveSync / Webmail
Question asked by Charles Michel - 12/17/2016 at 5:33 AM
Unanswered
For SMTP and IMAP, if I set the log settings to Detailed, I can spot failed login attempts by looking for "rsp: 535 Authentication failed" or "login failed" and it also gives me what login was used.
 
How do I spot a failed login attempt and what login was used for ActiveSync or the Webmail? Neither the ActiveSync nor IIS log seems to show anything useful.
Charles Michel Replied
Adding this comment just so that the question doesn't go unnoticed. I have a server under brute force attack, and I would like to be able to find IPs causing failed authentications so that I can ban them at the firewall level automatically.
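
The SMTP/IMAP check described in the question, extended to count failures per client address so that repeat sources can be fed to a firewall block list. This is an added example, not part of the original thread or the mail server's own tooling: the bracketed-IP line layout, the `failed_ips` helper and the sample lines are assumptions, and it does not cover ActiveSync or webmail, for which the thread gives no log marker.

```python
import ipaddress
import re
from collections import Counter

# Markers quoted in the question for Detailed SMTP/IMAP logging.
FAIL_MARKERS = ("rsp: 535 authentication failed", "login failed")

# ASSUMPTION: each log line carries the client IPv4 address in square
# brackets. Adjust this pattern to the real log layout before use.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def failed_ips(lines, threshold=3, allowlist=()):
    """Return {ip: failures} for clients with at least `threshold` failures.

    `allowlist` holds addresses that must never be reported (own relays,
    monitoring hosts), so an automated ban cannot lock them out.
    """
    counts = Counter()
    for line in lines:
        lowered = line.lower()
        if not any(marker in lowered for marker in FAIL_MARKERS):
            continue
        match = IP_RE.search(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # bracketed text looked like an IP but is not valid
        if ip not in allowlist:
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample lines (documentation address ranges), not real output.
SAMPLE_LOG = """\
05:31:02 [203.0.113.7][1001] rsp: 535 Authentication failed
05:31:04 [203.0.113.7][1002] rsp: 535 Authentication failed
05:31:05 [198.51.100.23][1003] rsp: 235 Authentication successful
05:31:09 [203.0.113.7][1004] rsp: 535 Authentication failed
05:32:11 [192.0.2.50][1005] IMAP login failed
05:32:40 [198.51.100.23][1006] rsp: 535 Authentication failed
05:33:00 [192.0.2.50][1007] IMAP login failed
05:33:02 [192.0.2.50][1008] IMAP login failed
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(failed_ips(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} failed logins")
```

The threshold keeps a single mistyped password from triggering a ban.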
