[Dovecot] POP3 Dictionary Attack Causes Complete Dovecot Failure Without Notice
Timo Sirainen
tss at iki.fi
Tue Mar 11 09:19:24 EET 2008
On Mon, 2008-03-10 at 21:56 +0000, Sabahattin Gucukoglu wrote:
> Whenever my Dovecot installation is POP3-dictionary-attacked, a large
> number of log entries written to /var/log/local0 from the syslog showing
> all the POP3 login and shadow lookup failures is produced and then the
> entire Dovecot installation crashes, master and all. Unfortunately, it
> was running unattended under normal use, is apparently quite hard to
> reproduce (I wrote a Tcl script that just pipelined a load of random
> strings with user/pass but nothing interesting happened), and leaves no
> actual diagnosis or core dump for the crash. Hopefully there's enough
> information for you to at least guess what's happening.
>
> I know some of this is outdated and a bit optimistically configured. It's
> my hope to get this all upgraded very soon, but thought you should have it
> in case it turns out to be an obvious bug.
>
> Dovecot version: 1.0rc7

I think there's a very good chance this has been fixed already. At least
no-one else has complained about it and there are pretty big v1.0
installations. For example v1.0.rc9 had:

- Lots of fixes to login/master process handling