How can I use Warden to track which email accounts are authenticating and sending mail or are being targeted by brute force attacks?

Warden has a comprehensive set of reports to track SMTP auth logins and POP3/IMAP logins. Admins can find them under the Reports tab. These reports can also be added to the Warden dashboard so you will always have them handy.

Important: These reports use the systemd-journal as their data source, so the journal must be error-free and functioning properly. See here for more information.

  1. To track which email accounts are authenticating successfully and sending mail, use the SMTP Auth - Success - User or SMTP Auth - Success - User Client Addr reports.
  2. To track which email accounts are authenticating successfully over POP3/IMAP to check their mail, use the POP3/IMAP - Success - User or POP3/IMAP - Success - User Client Addr reports.
  3. To track which email accounts are being targeted with SMTP auth brute force attacks, use the SMTP Auth - Failure - User or SMTP Auth - Failure - User Client Addr reports.
  4. To track which email accounts are being targeted with POP3/IMAP brute force attacks, use the POP3/IMAP - Failure - User or POP3/IMAP - Failure - User Client Addr reports.

SMTP Auth report
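
The difference between the "Failure - User" and "Failure - User Client Addr" groupings, shown as an added example (not Warden's code or output): it tallies POP3/IMAP failures from constructed log lines both ways and labels each mailbox by whether the failures come from one address or many. The Dovecot-style line format, the function names `failure_reports` and `classify`, and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in a Dovecot-style format (an assumption; not Warden output).
SAMPLE = """\
dovecot: imap-login: Disconnected (auth failed, 3 attempts in 6 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS
dovecot: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS
dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.1, lip=192.0.2.1, TLS
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.2, lip=192.0.2.1, TLS
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.3, lip=192.0.2.1, TLS
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.1, TLS
dovecot: imap-login: Login: user=<carol@example.com>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1, TLS
"""

# Matches only failed logins; captures attempt count, mailbox and client address.
FAIL_RE = re.compile(
    r"(?:imap|pop3)-login: .*?\(auth failed, (\d+) attempts[^)]*\): "
    r"user=<([^>]*)>.*?rip=([0-9A-Fa-f:.]+)"
)

def failure_reports(text):
    """Return (failures per user, failures per (user, client address))."""
    by_user, by_user_addr = Counter(), Counter()
    for line in text.splitlines():
        m = FAIL_RE.search(line)
        if not m or not m.group(2):      # skip successes and empty usernames
            continue
        attempts, user, addr = int(m.group(1)), m.group(2).lower(), m.group(3)
        by_user[user] += attempts
        by_user_addr[(user, addr)] += attempts
    return by_user, by_user_addr

def classify(user, by_user, by_user_addr, threshold=3):
    """Label a mailbox from the two groupings (threshold is an assumed value)."""
    if by_user[user] < threshold:
        return "below-threshold"
    top = max(n for (u, _), n in by_user_addr.items() if u == user)
    # One address reaching the threshold can be blocked by address; many
    # low-count addresses only show up in the per-user total.
    return "single-source" if top >= threshold else "distributed"

if __name__ == "__main__":
    users, pairs = failure_reports(SAMPLE)
    for u in sorted(users):
        print(u, users[u], classify(u, users, pairs))
```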
