[Dovecot] dovecot dictionary attacks
Timo Sirainen
tss at iki.fi
Thu Nov 11 03:22:08 EET 2010
On 10.11.2010, at 23.03, PA wrote:
> However on my smtp mail server that ip is already sending out all sorts of
> spam with the sasl username of Paramus. This username Paramus never shows up
> on the dovevot dictionary attack, as a matter of fact the user Paramus is
> nowhere to be found on the dovecot log at all and I have logs going back
> months.
>
> I'm just not sure how they guess the username/password as its not on any
> logs that goes back months and I don't have a dovecot record for that user.
Well, probably obvious, but since you didn't explicitly say: You have configured Postfix to use Dovecot for authentication, not Cyrus SASL, right?..
More information about the dovecot
mailing list