tracking smtp authentication

S

swebs

Guest
I have smtp authentication required on my server but it seems that someone might have figured out one of the users/password so that they can send spam.

when I look in the secure log I can see a lot of "START : smtp" messages.

How can I see or figure out which user is authenticating these session?

Is there somewhere in Plesk that I can turn on logging to see the TO and FROM in a log file to be able to determine if there is abuse going on?

Thanks in advance.
 
You must log in or register to reply here.

Similar threads

M
Issue Email - How to distinguish password authentication method or connection security to connect to email?
Replies
7
Views
9K
learning_curve
learning_curve
wakabayashi
Question SMTP Firewall - is it possible to block brutforce attacks?
Replies
3
Views
1K
Vladimir C.
V
F
Issue SOGo - emails sent from webmail, both manually created and autoresponder/vacation/out-of-office, are rejected. They miss spf, dkim, dmarc, everything
Replies
8
Views
9K
Sebahat.hadzhi
Sebahat.hadzhi
I
Resolved External SMTP Server Settings
Replies
7
Views
2K
Ither
I
N
Issue Problem: SASL PLAIN authentication failed
Replies
3
Views
1K
Vladimir C.
V
Back
Top