Page 1 of 1
MailWatch Login Log
Posted: 15 Nov 2020 11:46
by tobiasp
Hi,
does someone know if MailWatch writes failed login attempts to a log file?
cheers,
Tobias
Re: MailWatch Login Log
Posted: 19 Nov 2020 00:36
by shawniverson
Yes, take a look in the apache logs. You should see the failure responses logged.
Re: MailWatch Login Log
Posted: 19 Nov 2020 14:16
by tobiasp
The only thing I found was this line in "ssl_request_log":
Code: Select all
84.112.4.48 TLSv1.3 TLS_AES_128_GCM_SHA256 "GET /mailscanner/login.php?error=baduser HTTP/1.1"
this is not really something I could track with fail2ban because if someone just posts the login form but does not follow the redirect this is not called.
and on the other hand this adress could be called even if nothing was entered in the login mask.
do you think there is real authentication failure entry somewhere?
Re: MailWatch Login Log
Posted: 21 Nov 2020 14:47
by shawniverson
This would be a good question for MailWatch. I think there is an audit table in the database that might log failures.