[SOLVED] Admin account - brute force attempts? Lockout?

[billinvegas]

Hi,

very new to Zimbra (and *nix) no please forgive any newbie errors or mistakes...

I have installed, and finally set up a ZCS open source edition on Ubuntu 10.04

Put it online earlier, created domains, domain aliases, users, forwards -
most of the basic stuff we would need a mail serve to do...

Everything working fine, e-mails sent and received for domain and alias domain (very happy)
decided to enable the "lockout" feature, set the attempts to 3, and time to 15 minutes

After about 1 hour or so, I decided to check the admin e-mail to see if
if there were any important notifications sent.

web mail interface reported an "incorrect password"
(I know I have the correct password entered)
web admin interface also showed incorrect password error...

Q: is this the type of message a user would see if the account is in lockout?

Q: where in the logs can I look to find out if this was a brute force attempt that caused a lockout (if this was the case)
Is this a Zimbra log? or is it logged in Linux?

if the admin account is locked out, how can it be re-set?
through the root user?
(was able to ssh to the server, with Ubuntu username / password, and successfully super user'd to root)

at any rate, got paranoid about this and took the server offline (we have another mail server in use - zimbra is hopefully going to be it's replacement)
I'd like to learn how to check to see if it is a brute force attack, or hack by examining the logs...

Oh, finally...

how exactly does one paste the large amounts of text (i.e. logs) in the forum, where the text pasted has the scroll bars
next to it?

thanks!

Bill

[dik23]

Admin Password Reset although you say you've set it to allow you in after 15 mins so whether you need this or not is down to whether you've really forgotten the password or not.

I personally don't have the admin account as an administrator, I have another account for that, although I do keep it because system mail is sent there. I view having admin as admin similar to allowing ssh direct to root.

For pasting logs etc use the [CODE] tags, this is easily available when composing a message above the text input box but below the drop down menu that says Attachments.

Hope this helps

[billinvegas]

don't know if this is a reply situation, or if I should start a new thread...

I also have a couple of users who have very common names as their e-mail addresses (joe, lisa)

I would love to give them new usernames (joeplastname@domain.com)
but they do have an established base of clients / people who use the existing usernames

I also have been reading about brute force attempts on accounts on the mail server. Common names I would guess are an easy target to attempt...

Here's my thoughts, please correct me if I'm wrong...

- no users with common name e-mail addresses (joe@domain.com)
give them an email such as joeplastname@domain.com

- make an alias of "joe" that points to joeplastname@domain.com

Mail sent to joe@domain should get deliverd to joeplastname@domain.com, correct?

What would be the results of a brute force attempt on an alias?
joe@domain.com
it's technically not an account, correct?

Would implementing this, along with strong passwords, account lockout
be a good method to keep the bastards out of our system?

thank you

Bill