Monitoring Secure Logins
Typically, users log in through multiple channels:
Most passwords are hacked because users are not very careful when connecting to the server through each channel. Users often connect insecurely. Xeams makes it easier to identify users who are not logging in securely. The SuccessfulLogins.log file records every user who entered their credentials correctly. This includes SMTP, HTTP, IMAP and POP3. It is useful for finding out which users logged in during a specific time and whether they logged in securely.
Here's an example of what the contents of the log file look like:
2020-07-24 16:12:25,189 - [IMAP] {SECURE} - mary@mydomain.com - 10.11.12.110 (LAN)
2020-07-25 09:02:29,287 - [IMAP] {SECURE} - charle@mydomain.com - 75.76.77.78 (United States)
2020-07-25 09:12:36,662 - [SMTP] {SECURE} - charle@mydomain.com - 10.11.12.105 (LAN)
2020-07-26 16:12:37,250 - [IMAP] {SECURE} - jimmy@mydomain.com - 79.80.81.82 (United States)
2020-07-26 16:12:45,389 - [IMAP] {SECURE} - sue@mydomain.com - 10.11.12.125 (LAN)
2020-07-27 09:12:46,293 - [HTTP] {SECURE} - derek@mydomain.com - 79.77.75.73 (United States)
2020-07-28 12:12:46,946 - [HTTP] {SECURE} - michael@mydomain.com - 10.11.12.115 (LAN)
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
In the example above, all the users logged in securely except for bob, who did not log in securely for IMAP. Investigating further, their email client is not connected to the Xeams IMAP SSL server.
After making adjustments, the log file now shows the correct value:
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:42:02,759 - [IMAP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
Tip
View this log and search for the word UNSECURE. This will help you find any logins that were made over an unsecured connection.
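The search described in this tip can be scripted. The following is an added example, not part of Xeams or its documentation: it parses the log format shown above and lists the user and protocol pairs whose most recent login was UNSECURE, so clients that have since been fixed drop off the list. The regular expression is inferred from the sample lines on this page, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Line format inferred from the sample log on this page (an assumption):
# 2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<proto>[A-Z0-9]+)\] \{(?P<mode>SECURE|UNSECURE)\} - "
    r"(?P<user>\S+) - (?P<ip>\S+) \((?P<origin>[^)]*)\)\s*$"
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return rec

def still_unsecure(lines):
    """Return (user, protocol, ip, origin) for every user/protocol pair
    whose most recent login was UNSECURE.

    A pair that later logs in securely is not reported, so the result is
    the list of clients that still need to be reconfigured.
    """
    latest = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or unrecognized lines
        key = (rec["user"], rec["proto"])
        if key not in latest or rec["ts"] >= latest[key]["ts"]:
            latest[key] = rec
    return sorted(
        (r["user"], r["proto"], r["ip"], r["origin"])
        for r in latest.values() if r["mode"] == "UNSECURE"
    )

# Constructed sample, copied from the log excerpts on this page.
SAMPLE = """\
2020-07-25 09:12:36,662 - [SMTP] {SECURE} - charle@mydomain.com - 10.11.12.105 (LAN)
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
"""
FIXED = SAMPLE + "2020-07-28 16:42:02,759 - [IMAP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)\n"

if __name__ == "__main__":
    print(still_unsecure(SAMPLE.splitlines()))  # bob's IMAP login is reported
    print(still_unsecure(FIXED.splitlines()))   # nothing left to fix
```

To run it against a real log, pass the lines of SuccessfulLogins.log to `still_unsecure` instead of the sample.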
Note: In order to use SSL/STARTTLS, you will need a valid SSL certificate. Please see this page on how to obtain one.