Updating to the latest release will add an ip address to that log entry. Failing that you'd need to grep mail.log for -1292375152: to find the ip address but that will only work for a recent one.

A wiser option is probably to ensure you have set:

g_hacker_max "15"

This will automatically lockout ip addresses that keep trying to guess passwords, don't set it too low!!!, and if your users all connect via a common ip address/gateway then don't use it of course :-)

ChrisP.

On 9/17/2015 1:45 AM, surgemailHIDDEN@etwinsite.com wrote:
> i've started getting a lot of attempted imap logins which show up in
> login_failed.log:
>
> 16 08:01:29.00:-1292375152: imap:HIDDEN@m password wrong or not a
> valid user
>
> address has been obfuscated above, but it is not a valid user in the
> domain, which IS valid.
>
> since this is happening repeatedly with the same credentials, i like
> to find the originating ip address of these attempts so i can block
> them using iptables.
>
> where might i find this info?
>
> david camm
> advanced web systems
> keller, tx
>
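
The lookup described in the reply above, as an added example that is not part of the original thread: it pulls the session ids out of login_failed.log and searches mail.log for each one to recover the client address. The function names, the mail.log line layout and the sample addresses are assumptions constructed for illustration; only the login_failed.log line format comes from the post.

```shell
#!/bin/sh
# Added example: map failed-login session ids to client IPs.
# Assumption: mail.log tags each line with the same session id and
# records the client IPv4 on the connect line (format constructed here).

# Session ids of "password wrong" entries in login_failed.log.
failed_session_ids() {
    sed -n -E 's/^[0-9]+ [0-9:.]+:(-?[0-9]+): .*password wrong.*/\1/p' "$1" | sort -u
}

# IPv4 addresses on mail.log lines carrying session id $1.
# -e is required: ids may begin with "-" and would otherwise parse as an option.
ips_for_session() {
    grep -F -e "$1:" "$2" | grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# One line per session: id, failure count, source address(es).
report() {
    for id in $(failed_session_ids "$1"); do
        n=$(grep -F -c -e ":$id: " "$1")
        ips=$(ips_for_session "$id" "$2" | paste -sd' ' -)
        printf '%s failures=%s ips=%s\n' "$id" "$n" "${ips:-not-in-mail.log}"
    done
}

# Constructed sample logs (addresses are from documentation ranges).
tmp=$(mktemp -d)
cat > "$tmp/login_failed.log" <<'EOF'
16 08:01:29.00:-1292375152: imap:nobody@example.test password wrong or not a valid user
16 08:01:31.00:-1292375152: imap:nobody@example.test password wrong or not a valid user
16 08:05:10.00:77120031: imap:nobody@example.test password wrong or not a valid user
EOF
cat > "$tmp/mail.log" <<'EOF'
16 08:01:28.00:-1292375152: imap connection from 203.0.113.7
16 08:01:29.00:-1292375152: imap login failed
16 08:02:00.00:55501234: smtp connection from 198.51.100.20
EOF
report "$tmp/login_failed.log" "$tmp/mail.log"
```

A session whose id no longer appears in mail.log is reported as not-in-mail.log, which matches the caveat that the search only works for recent entries.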