[SOLVED] Admin account - brute force attempts? Lockout?
very new to Zimbra (and *nix) so please forgive any newbie errors or mistakes...
I have installed, and finally set up a ZCS open source edition on Ubuntu 10.04
Put it online earlier, created domains, domain aliases, users, forwards -
most of the basic stuff we would need a mail server to do...
Everything working fine, e-mails sent and received for domain and alias domain (very happy)
decided to enable the "lockout" feature, set the attempts to 3, and time to 15 minutes
After about 1 hour or so, I decided to check the admin e-mail to see if
there were any important notifications sent.
web mail interface reported an "incorrect password"
(I know I have the correct password entered)
web admin interface also showed incorrect password error...
Q: is this the type of message a user would see if the account is in lockout?
Q: where in the logs can I look to find out if this was a brute force attempt that caused a lockout (if this was the case)
Is this a Zimbra log? or is it logged in Linux?
if the admin account is locked out, how can it be re-set?
through the root user?
(was able to ssh to the server, with Ubuntu username / password, and successfully super user'd to root)
at any rate, got paranoid about this and took the server offline (we have another mail server in use - Zimbra is hopefully going to be its replacement)
I'd like to learn how to check to see if it is a brute force attack, or hack by examining the logs...
how exactly does one paste the large amounts of text (i.e. logs) in the forum, where the text pasted has the scroll bars
next to it?