ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Alert for distributed smtpauth attack ONLY when successful Login

https://mail.forum.configserver.com/viewtopic.php?t=10206

Page 1 of 1

Alert for distributed smtpauth attack ONLY when successful Login

Posted: 24 Apr 2017, 00:08
by shenzy
Hello,
The 99% of my "distributed smtpauth attack alerts" are for "535 Incorrect authentication". It would be nice if the alert is sent only when successful access to the email account is detected.

Re: Alert for distributed smtpauth attack ONLY when successful Login

Posted: 27 Jul 2017, 07:28
by NotLim
Actually, it is.

The subject is:

Code: Select all

lfd on server.domain.tld: blocked distributed SMTP Logins on account [account@domain.tld]
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited