
Which log file for email logins?


  • Which log file for email logins?

    Hi,

    Trying to get my head around qmail logs. But is there a log file on the server that contains logins for email addresses? So it is able to tell me that user@domain.com has logged into say POP/IMAP or SMTP via IP address etc?

  • #2
    Hi Bertie

    I hope you're well

    You can see the qmail logs from /var/log (pop3, pop3-ssl, send, smtp, smtp2)

    These logs contain logins and IP addresses for failed and success.

    It depends though what you are wanting to do, sorry. So if you're wanting to block failed attempts to login using IP address, then install BFD if you have not done so already, which will search the logs at specified time intervals, and add failed attempts IP addresses to the firewall blacklist and also, depending how you configure BFD, will email you with the email address used and failed attempts showing IP address

    If you are wanting to see who is using the email services, I think Justic wrote a script to show this, but I could be wrong who wrote the script.

    I think I have the script stored on my computer but would need to search for it later or search the forums

    I hope that helps a little

    Many thanks

    John



    • #3
      Originally posted by d2d4j
      Hi Bertie

      I hope you're well

      You can see the qmail logs from /var/log (pop3, pop3-ssl, send, smtp, smtp2)

      These logs contain logins and IP addresses for failed and success.

      It depends though what you are wanting to do, sorry. So if you're wanting to block failed attempts to login using IP address, then install BFD if you have not done so already, which will search the logs at specified time intervals, and add failed attempts IP addresses to the firewall blacklist and also, depending how you configure BFD, will email you with the email address used and failed attempts showing IP address

      If you are wanting to see who is using the email services, I think Justic wrote a script to show this, but I could be wrong who wrote the script.

      I think I have the script stored on my computer but would need to search for it later or search the forums

      I hope that helps a little

      Many thanks

      John

      Basically - Someone was using one of the email addresses of a client to send out spam emails. I was looking to see if we could determine what IP address they were using to log into the SMTP server to send such emails.



      • #4
        Hi Bertie

        Many thanks

        In that instance the logs may or may not help. The send log is the one you need to look at, as well as the smtp and smtp2 logs.

        You will need to know at least 1 email address of the sender who received the spam and the exact time/date in order to search the logs with good confidence of being correct

        If the emails or some of them were still in mail queue, you could stop smtp and view the email to find the details

        Have you set the queue warning from IW-CP to email you if queue exceeds your specified warning limits of emails? This often helps to quickly intervene and stop/locate details needed.

        Many thanks

        John
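
An added example, not part of the thread or written by any poster, of the search post #4 describes: find a known recipient in the send log, take the time the message was queued, and list the SMTP connections that were open at that moment. It assumes stock qmail-send and tcpserver line formats with timestamps already converted by tai64nlocal; the log lines, addresses and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
# Constructed sample lines, not from a real server. Assumed format: stock qmail-send
# and tcpserver log lines with timestamps already converted by tai64nlocal.
SEND_LOG = """\
2024-03-01 10:15:02.100000000 info msg 81234: bytes 2048 from <user@domain.com> qp 4571 uid 89
2024-03-01 10:15:02.200000000 starting delivery 17: msg 81234 to remote recipient@example.net
2024-03-01 11:40:09.000000000 info msg 81300: bytes 900 from <other@domain.com> qp 5102 uid 89
2024-03-01 11:40:09.100000000 starting delivery 18: msg 81300 to remote friend@example.org
"""
SMTP_LOG = """\
2024-03-01 10:14:58.000000000 tcpserver: pid 4569 from 203.0.113.45
2024-03-01 10:15:03.000000000 tcpserver: end 4569 status 0
2024-03-01 11:40:05.000000000 tcpserver: pid 5100 from 198.51.100.7
"""

def parse(log):
    """Yield (timestamp, text) per line; %f takes 6 digits, so trim the nanoseconds."""
    for line in filter(str.strip, log.splitlines()):
        date, clock, text = line.split(" ", 2)
        yield datetime.strptime(f"{date} {clock[:15]}", "%Y-%m-%d %H:%M:%S.%f"), text

def queued_for(send_log, recipient):
    """(queued_at, sender) for each message qmail-send tried to deliver to recipient."""
    info, hits = {}, []
    for ts, text in parse(send_log):
        if m := re.match(r"info msg (\d+): bytes \d+ from <([^>]*)>", text):
            info[m.group(1)] = (ts, m.group(2))  # msg numbers get reused: keep the latest
        elif m := re.match(r"starting delivery \d+: msg (\d+) to \w+ (\S+)", text):
            if m.group(2).lower() == recipient.lower() and m.group(1) in info:
                hits.append(info[m.group(1)])
    return hits

def sessions(smtp_log):
    """[ip, start, end] per tcpserver connection; end stays None while still open."""
    open_by_pid, out = {}, []
    for ts, text in parse(smtp_log):
        if m := re.match(r"tcpserver: pid (\d+) from (\S+)", text):
            open_by_pid[m.group(1)] = [m.group(2), ts, None]
            out.append(open_by_pid[m.group(1)])
        elif m := re.match(r"tcpserver: end (\d+) ", text):
            open_by_pid.pop(m.group(1), [None] * 3)[2] = ts
    return out

def candidate_ips(send_log, smtp_log, recipient, slack=timedelta(seconds=5)):
    """(sender, ip) for SMTP sessions that were open when the message was queued."""
    return [(sender, ip) for queued_at, sender in queued_for(send_log, recipient)
            for ip, start, end in sessions(smtp_log)
            if start <= queued_at <= (end or queued_at) + slack]
```

A time overlap only narrows the search to candidate connections, and the `from <...>` address in the send log is the envelope sender, which the client chooses. Confirm any candidate against whatever authentication lines your smtp and smtp2 logs record.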
