Security

The Security log contains information related to Kerio MailServer security as well as information about messages that could not be delivered. The security log contains the following types of events:

Viruses and forbidden attachments detected
Example of a message that contains a virus:

[16/Jun/2004 18:37:17] Found virus in mail from <missgold18@hotmail.com> to <support@kerio.com>: W32/Netsky.p@MM

- [16/Jun/2004 18:37:17]: the date and time when the virus was detected
- Found virus in mail: action performed (information that the virus was found)
- from <missgold18@hotmail.com>: email address of the sender
- to <support@kerio.com>: email address of the recipient
- W32/Netsky.p@MM: the type of virus contained in the message

Messages rejected by spam filter
A message with a high spam score:

[16/Jun/2004 18:37:17] Message from <missgold18@hotmail.com> to <support@kerio.com> rejected by spam filter: score 9.74, threshold 5.00

- [16/Jun/2004 18:37:17]: the date and time when the message was rejected
- from <missgold18@hotmail.com>: email address of the sender
- to <support@kerio.com>: email address of the recipient
- rejected by spam filter: action performed (rejection by spam filter)
- score 9.74, threshold 5.00: SpamEliminator evaluation

Failed login attempts
This log contains information about invalid login attempts. These are usually caused by an invalid username/password or a blocked IP address. The reason for a specific failed login can also be found in the Warning log (see chapter Warning).

[13/Apr/2004 17:35:49] Failed IMAP login from 192.168.36.139, missing parameter in AUTHENTICATE header

- [13/Apr/2004 17:35:49]: the date and time of the failed login
- Failed IMAP login: action performed (failed login attempt)
- from 192.168.36.139: IP address of the computer used for the login attempt

There are several possible reasons for login failure:

- missing parameter in AUTHENTICATE header: an incorrect or invalid header with login data has been sent
- authentication method PLAIN is disabled: the authentication method is disabled in Kerio MailServer
- authentication method CRAM_MD5 is invalid or unknown: Kerio MailServer is unable to perform authentication using this method
- error during authentication with method CRAM-MD5: an error occurred during authentication, e.g. during communication with the authentication server
- authentication with method CRAM-MD5 cancelled by user: the authentication was cancelled by the user (client)
- authentication method PLAIN: the authentication of the user failed (the user does not exist, the password is incorrect, the user account in Kerio MailServer is disabled or the authentication couldn't be performed due to the lack of authentication data in Active Directory)

Server misuse attempts (relaying)
An example of a relaying attempt:

[11/Jun/2004 00:36:07] Relay attempt from IP address 61.216.46.197,mail from <wgiwknovry@hotmail.com> to <fodder@falls.igs.net> rejected

- [11/Jun/2004 00:36:07]: the date and time
- Relay attempt: action performed (failed relaying attempt)
- 61.216.46.197: IP address of the computer used for the relaying attempt
- from <wgiwknovry@hotmail.com>: email address of the sender
- to <fodder@falls.igs.net>: email address of the recipient
- rejected: action performed (the message was rejected)

Antibombing
Server overload protection (see chapter Antispam Protection of the SMTP Server, section Other constraints).

[16/Jun/2004 18:53:43] Directory harvest attack from 213.7.0.87 detected

- [16/Jun/2004 18:53:43]: the date and time of the failed attack
- Directory harvest attack: type of attack
- from 213.7.0.87: IP address of the computer used for the attempt
- detected: action performed (detected and blocked)

If the sender was found in databases of blacklisted servers
The sender was found in a blacklist database (ORDB, own IP address group):

[13/Apr/2004 17:44:02] IP address 212.76.71.93 found in DNS blacklist ORDB, mail from <emily.macdonald@nmc-uk.org> to <support@kerio.com>

- [13/Apr/2004 17:44:02]: the date and time when the message was received
- 212.76.71.93: IP address used for sending the message
- found in DNS blacklist ORDB: type of action (the address was found in a database of blacklisted servers)
- from <emily.macdonald@nmc-uk.org>: email address of the sender
- to <support@kerio.com>: email address of the recipient
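
The six record formats above can be classified and summarized per source IP with a small parser. This is an added example, not Kerio code: the patterns are derived only from the example lines on this page, and the names parse_line and hostile_sources are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Patterns follow the example lines on this page only; other message
# variants the server may write are not covered (assumption).
TS = r"\[(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] "
ADDR = r"from <(?P<sender>[^>]*)> to <(?P<rcpt>[^>]*)>"
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [
    ("virus", re.compile(TS + "Found virus in mail " + ADDR + r": (?P<virus>.+)$")),
    ("spam", re.compile(TS + "Message " + ADDR + r" rejected by spam filter: "
                        r"score (?P<score>[\d.]+), threshold (?P<threshold>[\d.]+)$")),
    ("failed_login", re.compile(TS + r"Failed (?P<proto>\S+) login from " + IP
                                + r", (?P<reason>.+)$")),
    ("relay", re.compile(TS + "Relay attempt from IP address " + IP
                         + r",\s*mail " + ADDR + " rejected$")),
    ("harvest", re.compile(TS + "Directory harvest attack from " + IP + " detected$")),
    ("blacklist", re.compile(TS + "IP address " + IP
                             + r" found in DNS blacklist (?P<list>.+?), mail " + ADDR + "$")),
]

def parse_line(line):
    """Return a dict with 'event', 'time' and the captured fields, or None."""
    for event, pattern in PATTERNS:
        m = pattern.match(line.strip())
        if m:
            rec = dict(m.groupdict(), event=event)
            # Month names are English abbreviations (C/English locale assumed).
            rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y %H:%M:%S")
            return rec
    return None

def hostile_sources(lines):
    """Count (source IP, event type) pairs; unparsed lines are skipped."""
    return Counter((r["ip"], r["event"]) for r in map(parse_line, lines) if r and "ip" in r)

# Sample input: the example lines quoted on this page.
SAMPLE = [
    "[16/Jun/2004 18:37:17] Found virus in mail from <missgold18@hotmail.com> to <support@kerio.com>: W32/Netsky.p@MM",
    "[16/Jun/2004 18:37:17] Message from <missgold18@hotmail.com> to <support@kerio.com> rejected by spam filter: score 9.74, threshold 5.00",
    "[13/Apr/2004 17:35:49] Failed IMAP login from 192.168.36.139, missing parameter in AUTHENTICATE header",
    "[11/Jun/2004 00:36:07] Relay attempt from IP address 61.216.46.197,mail from <wgiwknovry@hotmail.com> to <fodder@falls.igs.net> rejected",
    "[16/Jun/2004 18:53:43] Directory harvest attack from 213.7.0.87 detected",
    "[13/Apr/2004 17:44:02] IP address 212.76.71.93 found in DNS blacklist ORDB, mail from <emily.macdonald@nmc-uk.org> to <support@kerio.com>",
]
if __name__ == "__main__":
    print(hostile_sources(SAMPLE))
```

Sorting the returned counter by count over a full Security log shows which addresses repeatedly trigger failed logins, relay attempts or harvest detections.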
