Hello everyone,
Astaro will display in the "Management overview" tab a list of all failed authentication attempts in addition to successful web admin logons.
Unfortunately, while the web admin related entries have the "IP address" fields populated, failed logon that comes from SMTP auth (and I assume, the other modules) are listed as "0.0.0.0".
- Is there a convenient way to get that list of sources of incorrect SMTP logon attempts ?
- Is there a convenient way to display the source module for a specific failed logon ?
I'm asking because I see an increasing number of brute force attempt against our SMTP subsystem and I'd like to do a more finely grained analysis of these attacks in order to identify emerging patterns (plus, in case of success, I will positively NEED these source IP address for further investigations).
This thread was automatically locked due to age.