[Dovecot] dumb Q: how to search for email hack attempts ?

Rick Romero rick at havokmon.com
Wed Sep 7 00:14:26 EEST 2011


Quoting Voytek <voytek at sbt.net.au>:

> one of the users thinks someone hacked his email. I don't have time this
> morning to analyze mail logs in detail, but does someone have some tips for
> simply searching mail logs for multiple login attempts, etc.? I'd
> appreciate some.
>
> grepping for failed logins should give some clues?

# - one of these IPs is not like the others..
grep "$username" /var/log/maillog | grep -Ev "no auth|failed" |
  awk '{print $13}' | sort | uniq


Rick
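
An added example, not part of Rick's message: the same "which IPs logged in as this user" check, but keyed on the rip= field instead of a fixed column and counting successes and failures per address. It assumes Dovecot login lines that carry user=<name> and rip=<address>; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the assumed Dovecot login-log format (not real data).
sample_log() {
cat <<'EOF'
Sep  6 08:01:12 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.1, TLS
Sep  6 08:05:40 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.1, TLS
Sep  6 09:14:03 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.1
Sep  6 09:14:30 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.1
Sep  6 09:20:00 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.55, lip=198.51.100.1, TLS
Sep  6 09:21:00 mail dovecot: imap-login: Aborted login (no auth attempts): rip=203.0.113.77, lip=198.51.100.1
EOF
}

# login_summary USER
# Reads log lines on stdin and prints one line per remote IP:
#   <ip> ok=<successful login lines> failed=<auth-failed lines>
# Typical use: login_summary alice < /var/log/maillog
login_summary() {
    awk -v user="$1" '
        # Literal match on user=<name>, so "bob" does not also match "bobby"
        # and dots in the name are not treated as regex wildcards.
        index($0, "user=<" user ">") == 0 { next }
        # Skip lines without a remote address; match() sets RSTART/RLENGTH.
        match($0, /rip=[^, ]+/) == 0 { next }
        {
            ip = substr($0, RSTART + 4, RLENGTH - 4)   # drop the "rip=" prefix
            seen[ip] = 1
            if ($0 ~ /-login: Login:/)  ok[ip]++
            else if ($0 ~ /auth failed/) failed[ip]++
        }
        END {
            for (ip in seen)
                printf "%s ok=%d failed=%d\n", ip, ok[ip], failed[ip]
        }
    ' | sort
}

# Demo on the constructed sample.
sample_log | login_summary alice
```

An address that shows failures followed by a success, or that the user does not recognise, is the one to look at first.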



