On my fresh, clean 8.6 install, my user login keeps getting pushed to Lockout; I infer by someone trying out passwords on the system.
I have the Samhain brute-force /etc/hosts.allow blocker installed, and if I can figure out in which log file to spot such bogus attempts, I can extend its list to block these as well, but it's not clear to me where login attempts on the webmail client interface go; I looked in /opt/zimbra/log, and I see them, actually, in several files as loginOp.
Any suggestions, folks?
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Which log file should I look in to try to find IP addresses for someone who's DOSing my email login to the WMC on port 443?
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
1 post • Page 1 of 1
Who is online
Users browsing this forum: MSN [Bot] and 14 guests