Quoting Voytek <voy...@sbt.net.au>:
one of the users thinks someone hacked his email, I don't have time this morning to analyze mail logs in detail, but does some one has some tips to simply searching mail logs for multiple log in attempts, etc, I'd appreciate some grepping for failed logins show give some clues ?
# - one of these IPs is not like the others..grep $username /var/log/maillog | grep -v "no auth|failed" | awk '{print $13}' |sort |uniq
Rick
