one of the users thinks someone hacked his email, I don't have time this morning to analyze mail logs in detail, but does some one has some tips to simply searching mail logs for multiple log in attempts, etc, I'd appreciate some grepping for failed logins show give some clues ?
Rick Romero
2011-Sep-06 21:14 UTC
[Dovecot] dumb Q: how to search for email hack attempts ?
Quoting Voytek <voytek at sbt.net.au>:> one of the users thinks someone hacked his email, I don't have time this > morning to analyze mail logs in detail, but does some one has some tips to > simply searching mail logs for multiple log in attempts, etc, I'd > appreciate some > > grepping for failed logins show give some clues ?# - one of these IPs is not like the others.. grep $username /var/log/maillog | grep -v "no auth|failed" | awk '{print $13}' |sort |uniq Rick