Monitoring Secure Logins


Typically, users log in through multiple channels:
  • IMAP
  • POP3
  • SMTP
  • HTTP
Most passwords are hacked because users are not very careful when connecting to the server through each channel. Users often connect insecurely. Xeams makes it easier to identify users who are not logging in securely. The SuccessfulLogins.log file records every user who entered their credentials correctly over SMTP, HTTP, IMAP or POP3. This is useful for finding out which users logged in during a specific time period and whether they logged in securely.

Here is an example of what the contents of the log file look like:

2020-07-24 16:12:25,189 - [IMAP] {SECURE} - mary@mydomain.com - 10.11.12.110 (LAN)
2020-07-25 09:02:29,287 - [IMAP] {SECURE} - charle@mydomain.com - 75.76.77.78 (United States)
2020-07-25 09:12:36,662 - [SMTP] {SECURE} - charle@mydomain.com - 10.11.12.105 (LAN)
2020-07-26 16:12:37,250 - [IMAP] {SECURE} - jimmy@mydomain.com - 79.80.81.82 (United States)
2020-07-26 16:12:45,389 - [IMAP] {SECURE} - sue@mydomain.com - 10.11.12.125 (LAN)
2020-07-27 09:12:46,293 - [HTTP] {SECURE} - derek@mydomain.com - 79.77.75.73 (United States)
2020-07-28 12:12:46,946 - [HTTP] {SECURE} - michael@mydomain.com - 10.11.12.115 (LAN)
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)


In the example above, every user except bob logged in securely; bob's IMAP login was not secure. Investigating further, bob's email client is not connected to the Xeams IMAP SSL server:

[Image: insecureconnection.jpg]

After making adjustments, the log file now shows the correct value:

2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:42:02,759 - [IMAP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)


Tip

Open this log and search for the word UNSECURE. This will help you find any logins that were made over an unsecured connection.
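
The search described in the tip, taken one step further as an added example (not part of Xeams or its documentation): it parses lines in the format shown above, lists every user and protocol pair that logged in UNSECURE, and marks the pair as fixed once a later SECURE login appears on the same protocol, as in bob's case. The function names, the status labels and the treatment of any origin other than LAN as external are assumptions made for this example.

```python
import re
from datetime import datetime

# Line layout taken from the sample log on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<proto>\w+)\] \{(?P<state>SECURE|UNSECURE)\} - "
    r"(?P<user>\S+) - (?P<ip>\S+) \((?P<origin>[^)]*)\)$"
)

# Constructed sample in the page's format; the sue/POP3 line is invented.
SAMPLE = """\
2020-07-28 12:12:46,946 - [HTTP] {SECURE} - michael@mydomain.com - 10.11.12.115 (LAN)
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:42:02,759 - [IMAP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-29 08:01:10,004 - [POP3] {UNSECURE} - sue@mydomain.com - 79.80.81.82 (United States)
"""

def parse(lines):
    """Yield a dict per well-formed line; silently skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
            yield rec

def unsecure_report(lines):
    """Map (user, proto) -> status for each pair that ever logged in UNSECURE.
    "fixed": latest login on that protocol is SECURE; otherwise "open" for a
    LAN origin or "open-external" for any other origin label."""
    latest, flagged = {}, {}
    for rec in sorted(parse(lines), key=lambda r: r["ts"]):
        key = (rec["user"], rec["proto"])
        latest[key] = rec
        if rec["state"] == "UNSECURE":
            flagged[key] = rec
    report = {}
    for key, bad in flagged.items():
        if latest[key]["state"] == "SECURE":
            report[key] = "fixed"
        else:
            report[key] = "open" if bad["origin"] == "LAN" else "open-external"
    return report

if __name__ == "__main__":
    for (user, proto), status in unsecure_report(SAMPLE.splitlines()).items():
        print(f"{user} {proto}: {status}")
```

A secure HTTP login does not clear an unsecured IMAP login for the same user, because each protocol is configured separately in the mail client.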

Note: To use SSL/STARTTLS, you will need a valid SSL certificate. Please see this page on how to obtain one.