Facebook
Twitter- Server operating system version
- Debian 11
- Plesk version and microupdate number
- 18.0.60
Hello,
From time to time spammers uses webmail to send spam (after obtain a password from a client of course) But if you check the logs you can see this in the /var/log/mail.info:
Apr 24 09:35:59 server dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=3457223, TLS, session=<1obCuNIW0t0AAAAAAAAAAAAAAAAAAAAB
Apr 24 09:35:59 dv3 dovecot: service=imap, user=[email protected], ip=[::1]. Disconnected: Logged out rcvd=92, sent=793
So you don´t know the IP of the user who is starting the session in webmail.
Ip is very important as you can see from where is the user login and know if it is the client or not.
But as you can see the login is ip=[::1]
So, if it is possible to know somewhere what is the exact ip of that login?
Thank you
From time to time spammers uses webmail to send spam (after obtain a password from a client of course) But if you check the logs you can see this in the /var/log/mail.info:
Apr 24 09:35:59 server dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=3457223, TLS, session=<1obCuNIW0t0AAAAAAAAAAAAAAAAAAAAB
Apr 24 09:35:59 dv3 dovecot: service=imap, user=[email protected], ip=[::1]. Disconnected: Logged out rcvd=92, sent=793
So you don´t know the IP of the user who is starting the session in webmail.
Ip is very important as you can see from where is the user login and know if it is the client or not.
But as you can see the login is ip=[::1]
So, if it is possible to know somewhere what is the exact ip of that login?
Thank you
