[Dovecot] dumb Q: how to search for email hack attempts ?
    Rick Romero 
    rick at havokmon.com
       
    Wed Sep  7 00:14:26 EEST 2011
    
    
  
Quoting Voytek <voytek at sbt.net.au>:
> one of the users thinks someone hacked his email, I don't have time this
> morning to analyze mail logs in detail, but does some one has some tips to
> simply searching mail logs for multiple log in attempts, etc, I'd
> appreciate some
>
> grepping for failed logins show give some clues ?
# - one of these IPs is not like the others..
grep $username /var/log/maillog | grep -v "no auth|failed" | awk  
'{print $13}' |sort |uniq
Rick
    
    
More information about the dovecot
mailing list