On my fresh, clean 8.6 install, my user login keeps getting pushed to Lockout; I infer by someone trying out passwords on the system.
I have the Samhain brute-force /etc/hosts.allow blocker installed, and if I can figure out in which log file to spot such bogus attempts, I can extend its list to block these as well, but it's not clear to me where login attempts on the webmail client interface go; I looked in /opt/zimbra/log, and I see them, actually, in several files as loginOp.
Any suggestions, folks?
Which log file should I look in to try to find IP addresses for someone who's DOSing my email login to the WMC on port 443?
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 10 guests