Hello Rob Nothing to do in xmail to get more information, except to run it in debug mode, perhabs
Why not trying to schedule a tcpdump on smtp port 25 for the time period you want (5mn before xx:00 up to 5mn after xx:00 for some days) ? Then you could find more information in the tcp dump (like auth attempt and values, or exact smtp commands send) Francis -----Message d'origine----- De : xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org]De la part de Rob Arends Envoye : mardi 18 janvier 2011 14:43 A : xmail@xmailserver.org Objet : [xmail] Knowing who is failing Auth Logins Hello, I'm running xmail 1.27 on RHEL5.5 The SMTP logs are showing a single AUTH=EFAIL:TYPE=LOGIN every hour at xx:00 hours. It is coming from the same PC I believe, although IP changes, the ISP and area indicated by the rDNS suggests it is the same PC. Most mail clients attempt POP3 more than once an hour, so I'm suspicious. The logs don't indicate the username in the login attempt. Is there any way to report on the username that is being used in the attempt. If nothing else I can contact the user. However if it is a low speed dictionary attack, I'd like to be able to identify that and take some action. Any ideas? Rob :-) _______________________________________________ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail