
I am running an IBM Domino 9.0.1 (64-bit) server on a Windows Server 2008 R2.

The problem is that the IMAP server task is not displaying the IP address of the connecting client in the console and log.

Here's an example from the console log:

2016-01-08 04:13:14 nimap: edd [] authentication failure using internet password
2016-01-08 04:13:16 nimap: easter [] authentication failure using internet password
2016-01-08 04:13:19 nimap: felicity [] authentication failure using internet password

Between the brackets [] there should be the IP address. For some reason it is not being output.

In contrast, the SMTP server task displays the IP of the connecting client properly, so I don't expect it to be a DNS or similar network configuration issue.


In order to get more details, I've created an event monitor tied to this event, which runs an agent that saves the details of the event in a document. Here is one such document (displayed as a table of field names/values). As you see, it doesn't contain any useful info about the client's IP.


So, how can I get to know the IP of the connecting client without resorting to TCP monitoring tools?

TIA


P.S.: I'm aware that this is a dictionary attack.

Sam Sirry

1 Answer


You should be able to perform that with the "IMAP activity logging" as written here. The documentation clearly says:

"IMAP activity logging tracks IMAP session activity, such as the user name, the server name, the IP address of the client, the number of bytes the client sent to and read from the server, and the duration of the session."

Which should be what you are looking for.

BastianW
  • From what I understand, this only works for authenticated clients. My issue is that I want to identify the IPs causing failing login attempts. – Sam Sirry Dec 01 '16 at 20:40
  • I'll try the "Close records" option and see what information it can provide.... – Sam Sirry Dec 01 '16 at 20:43
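
An added example (not from the original post, the answer, or IBM): a Python parser for the console-log lines quoted in the question. It groups authentication failures into bursts that cycle through distinct user names and counts how many entries have an empty `[]`, giving a time window to match against other logs. The pattern is inferred from the three quoted lines; the fourth sample line, its address and the thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first three lines are the ones quoted in the question;
# the fourth is constructed (documentation-range address) to show a populated [].
SAMPLE_LOG = """\
2016-01-08 04:13:14 nimap: edd [] authentication failure using internet password
2016-01-08 04:13:16 nimap: easter [] authentication failure using internet password
2016-01-08 04:13:19 nimap: felicity [] authentication failure using internet password
2016-01-08 09:30:02 nimap: alice [192.0.2.10] authentication failure using internet password
"""

# Pattern inferred from the quoted lines (assumption, not an IBM-documented format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) nimap: (?P<user>.+?) "
    r"\[(?P<ip>[^\]]*)\] authentication failure using internet password\s*$")

def parse_failures(text):
    """Yield (timestamp, user, ip or None) for each nimap authentication failure."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["user"], m["ip"].strip() or None  # empty [] becomes None

def find_bursts(events, window=timedelta(seconds=60), min_users=3):
    """Chain failures whose gap is <= window; report chains hitting >= min_users names."""
    groups = []
    for ev in sorted(events, key=lambda e: e[0]):
        if groups and ev[0] - groups[-1][-1][0] <= window:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    report = []
    for g in groups:
        users = sorted({u for _, u, _ in g})
        if len(users) >= min_users:  # many names in a short span: dictionary-style
            report.append({
                "start": g[0][0], "end": g[-1][0], "users": users,
                "ips": sorted({ip for _, _, ip in g if ip}),
                "missing_ip": sum(1 for _, _, ip in g if ip is None)})
    return report

if __name__ == "__main__":
    for burst in find_bursts(parse_failures(SAMPLE_LOG)):
        print(burst)
```
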