MailWatch Login Log

General eFa discussion
Post Reply
tobiasp
Posts: 7
Joined: 15 Nov 2020 10:42

MailWatch Login Log

Post by tobiasp » 15 Nov 2020 11:46

Hi,

does someone know if MailWatch writes failed login attempts to a log file?

cheers,
Tobias

User avatar
shawniverson
Posts: 3230
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: MailWatch Login Log

Post by shawniverson » 19 Nov 2020 00:36

Yes, take a look in the apache logs. You should see the failure responses logged.

tobiasp
Posts: 7
Joined: 15 Nov 2020 10:42

Re: MailWatch Login Log

Post by tobiasp » 19 Nov 2020 14:16

The only thing I found was this line in "ssl_request_log":

Code: Select all

84.112.4.48 TLSv1.3 TLS_AES_128_GCM_SHA256 "GET /mailscanner/login.php?error=baduser HTTP/1.1"
this is not really something I could track with fail2ban because if someone just posts the login form but does not follow the redirect this is not called.
and on the other hand this adress could be called even if nothing was entered in the login mask.

do you think there is real authentication failure entry somewhere?

User avatar
shawniverson
Posts: 3230
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: MailWatch Login Log

Post by shawniverson » 21 Nov 2020 14:47

This would be a good question for MailWatch. I think there is an audit table in the database that might log failures.

Post Reply