Hello,
The 99% of my "distributed smtpauth attack alerts" are for "535 Incorrect authentication". It would be nice if the alert is sent only when successful access to the email account is detected.
Alert for distributed smtpauth attack ONLY when successful Login
Re: Alert for distributed smtpauth attack ONLY when successful Login
Actually, it is.
The subject is:
The subject is:
Code: Select all
lfd on server.domain.tld: blocked distributed SMTP Logins on account [account@domain.tld]