Hi, folks,
I'm trying to interpret some results from an SIEM regarding our Exim
servers and am having difficulty. The SIEM claims that ports 587 and 465
are generating traffic on a high-numbered port. I think it's seeing
artifacts from failed authentications and, in about two-thirds of the
cases, I can line the authentication attempts up with that traffic.
That leaves the other third, which show no sign of authentications in
the logs.
I'm grasping at straws here, I suppose, but I'm wondering: How
reliable is Exim logging on a not-very-busy machine? Pretty reliable, I
figure, but these results make me wonder.
Thanks,
John A
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
*UA Little Rock*