[Dovecot] Spammers attempting SASL Auth

Simon Brereton simon.brereton at buongiorno.com
Mon Oct 17 19:21:10 EEST 2011


On 17 October 2011 12:10, Tom Pawlowski <tompru at jla.rutgers.edu> wrote:
> Take a look at:
>
> http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c
>
> on line 536. That's the auth service catching illegal characters and
> rejecting the attempt. It'll happen with or without a valid user. So,
> working as it should.
>
> As for spammers trying to brute force valid logins, yep, pretty common.
> Higher rate of success if they can mail from a known good server and
> account.

Okay, thanks for that.  That's the info/reassurance I was after.  In
the meantime I've update fail2ban to take care of it.  You're right
about the higher rate of success, I've just never seen a spammer try
it before - usually their resources are better spend just sending the
mail.  But it's good to know that dovecot will trap and block the
illegal Chars :)

Thanks.

Simon



More information about the dovecot mailing list