MailWatch Login Log

General eFa discussion
Post Reply
tobiasp
Posts: 8
Joined: 15 Nov 2020 10:42

MailWatch Login Log

Post by tobiasp »

Hi,

does someone know if MailWatch writes failed login attempts to a log file?

cheers,
Tobias
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: MailWatch Login Log

Post by shawniverson »

Yes, take a look in the apache logs. You should see the failure responses logged.
tobiasp
Posts: 8
Joined: 15 Nov 2020 10:42

Re: MailWatch Login Log

Post by tobiasp »

The only thing I found was this line in "ssl_request_log":

Code: Select all

84.112.4.48 TLSv1.3 TLS_AES_128_GCM_SHA256 "GET /mailscanner/login.php?error=baduser HTTP/1.1"
this is not really something I could track with fail2ban because if someone just posts the login form but does not follow the redirect this is not called.
and on the other hand this adress could be called even if nothing was entered in the login mask.

do you think there is real authentication failure entry somewhere?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: MailWatch Login Log

Post by shawniverson »

This would be a good question for MailWatch. I think there is an audit table in the database that might log failures.
Post Reply