hello all


we are a medium sized provider using icewarp for 5k+ accounts. with that number, it happens once or twice a month that one account gets 'hacked' (most likely the user is just dumb enough to enter his login credentials on some phishing site) and the account gets misused to send spam. we mitigate this by having relatively low max mails per day limits on the single accounts and an alert to us administrators. but then the account is locked down, the customer calls us complaining he can't send mails anymore and we have to go into the logs to see what has happened.


we do this with a coldfusion routine that parses the smtp text logs and writes the key metadata into a searchable and filterable sql server database. key params are date, sender, recipient, authenticated user (smtp auth), ip address of sender and message status (sent, held back, denied etc). for this, i recycle the log once an hour to have a manageable size to process and not too much delay for database searchability.


now, it would be so great when icewarp could push these core mail params directly using syslog to a syslog server (maybe some special syslog feature besides the current 'full log dump', which just overwhelms by data amount).


because that would allow doing much more real time processing like '50 mails sent from an ip in russia when the client logged in an hour ago from switzerland -> lock down that account for further investigation using the api' etc. or also allow the customer to see his own mail traffic in real time using our customer web portal.


that would be really neat...


kind regards


lukas
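As an added illustration (not part of lukas's post and not IceWarp's own code), here is the kind of rule the post sketches, run over parsed SMTP log events: flag an account that sends a burst of mail from one country while it was also active from another country within the last hour. The log line layout, the GeoIP lookup table and the sample lines are all assumptions constructed for this example; the regex would have to be mapped onto the real IceWarp SMTP log fields.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Assumed, simplified log layout (NOT IceWarp's actual format): map the real
# SMTP log fields into this regex. It captures the metadata the post lists.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth=(?P<auth>\S+) ip=(?P<ip>\S+) "
    r"from=(?P<sender>\S+) to=(?P<rcpt>\S+) status=(?P<status>\S+)$"
)
# Constructed stand-in for a GeoIP lookup (documentation prefixes, not real data).
GEO = {"203.0.113.": "CH", "198.51.100.": "RU"}

def country_of(ip):
    return next((cc for prefix, cc in GEO.items() if ip.startswith(prefix)), "??")

def parse(lines):
    """Extract the key fields from each matching log line; unmatched lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            e["cc"] = country_of(e["ip"])
            events.append(e)
    return events

def flag_accounts(events, window=timedelta(hours=1), burst=50):
    """Return {auth_user: reason} when an account sends >= `burst` mails from one
    country while it was also active from another country inside `window`."""
    flagged, by_user = {}, defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["status"] != "sent":
            continue
        hist = by_user[e["auth"]]
        hist.append(e)
        while e["ts"] - hist[0]["ts"] > window:  # drop events older than the window
            hist.pop(0)
        others = {h["cc"] for h in hist} - {e["cc"]}
        here = sum(1 for h in hist if h["cc"] == e["cc"])
        if others and here >= burst:
            flagged[e["auth"]] = f"{here} mails from {e['cc']}, earlier activity from {sorted(others)}"
    return flagged

def constructed_log():
    """Constructed sample: one mail from CH at 09:00, then 50 mails from RU at 09:40."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    fmt = "{:%Y-%m-%d %H:%M:%S} auth=alice@example.ch ip={} from=alice@example.ch to={} status=sent"
    lines = [fmt.format(base, "203.0.113.5", "bob@example.org")]
    lines += [fmt.format(base + timedelta(minutes=40, seconds=i), "198.51.100.7", f"r{i}@example.net") for i in range(50)]
    return lines
```

The flagged dictionary is what an hourly (or, with syslog, near real time) job would hand to an alert or to an API call that locks the account pending review.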