Back to Community Threads
1
Webmail login Logs?
Question asked by Jay Altemoos - 6/11/2024 at 6:41 AM
Unanswered
Good day everyone,
Anyone know if the newer version of Smartermail have a log specifically for webmail logins? We are currently running version 8747 and have it on our roadmap to upgrade at some point. The reason I am asking, we have a few users that only use the web interface and occasionally lock them selves out, but there have also been instances where someone or something trying to log into the web interface also will lock the legit user out. I see in the IDS blocks section only the username that got blocked. It would be nice to know if there would be a log for web interface logins so I could trap the IP that is not the user to limit down that situation from happenening.

5 Replies

Reply to Thread
0
Kyle Kerst Replied
6/11/2024 at 7:44 AM
Employee Post
The Administrative log category should show all logins (webmail and protocols included) including the IP address the logon originated from. There isn't a webmail-specific log though, no. 

If you're seeing only the username getting blocked by outside actors you may have the Brute Force by IP Address configured to fire later than the Brute Force by Email rule and those should be reversed so the outside actor is blocked before the account becomes blocked. 
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
1
Jay Altemoos Replied
6/11/2024 at 7:59 AM
Good morning Kyle,
Thank you for that information. I will have a look at the admin log and also the security rules you listed. Since I have not touched any of those rules I am suspecting one is definitely firing off before the other. I greatly appreciate the help.
0
Kyle Kerst Replied
6/12/2024 at 7:55 AM
Employee Post
You're very welcome Jay, always happy to help out! :-)
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
1
Jay Altemoos Replied
6/12/2024 at 8:39 AM
Good morning Kyle,

Thank you for that information, as it turns out the Password Brute Force by IP and the Password Brute Force by Email were both set at the same timeframe and threshhold. I made the necessary adjustments so the IP rule will fire off first before the email. The Administrator log also provided me with great information there as well. I just wanted to follow-up just in case anyone else runs into this.
0
Kyle Kerst Replied
6/12/2024 at 3:03 PM
Employee Post
That's great to hear Jay!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Customizing SmarterMail's Webmail InterfaceSmarterMail > Installation and Configuration
Random or Semi-Regular Webmail LogoutsSmarterMail > Troubleshooting
Upgrading SmarterMail (Domain Conversion)SmarterMail > Installation and Configuration
Sync SmarterMail with Apple Address Book and iCal (MacOS 10.7 Lion)SmarterMail > Desktop and Mobile Synchronization
Setting Up Two-Step Authentication (2FA, MFA, etc.)SmarterMail > Desktop and Mobile Synchronization