Which log file should I look in to try to find IP addresses for someone who's DOSing my email login to the WMC on port 443?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Baylink
Outstanding Member
Outstanding Member
Posts: 381
Joined: Fri Sep 12, 2014 11:42 pm

Which log file should I look in to try to find IP addresses for someone who's DOSing my email login to the WMC on port 443?

Postby Baylink » Wed Dec 02, 2015 11:42 am

On my fresh, clean 8.6 install, my user login keeps getting pushed to Lockout; I infer by someone trying out passwords on the system.

I have the Samhain brute-force /etc/hosts.allow blocker installed, and if I can figure out in which log file to spot such bogus attempts, I can extend its list to block these as well, but it's not clear to me where login attempts on the webmail client interface go; I looked in /opt/zimbra/log, and I see them, actually, in several files as loginOp.

Any suggestions, folks?


Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 10 guests