Non-user logins?

Ken Wright daddywarlock at gmail.com
Sat Jan 8 04:35:01 UTC 2022


On Fri, 2022-01-07 at 23:27 -0500, Dave McGuire wrote:
> On 1/7/22 11:24 PM, Ken Wright wrote:
> > My Dovecot issues continue.  Right now I see at least two issues:
> > first, my logs consistently show non-users trying (and failing) to
> > log in, and I'm still unable to log in from my email client
> > (Evolution or Roundcube, either one).
> > 
> > I'll post about the second issue later; right now I wonder why I'm
> > getting so many non-users trying to log in.  Am I the subject of
> > concerted hacking attacks, or is there something else going on? 
> > Some of the attempted logins are more-or-less random names claiming
> > to be @mydomain, but at least one is a username that's really on my
> > server, to wit:
> > 
> > Jan  7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server:
> > conn unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com:
> > Failed to lookup user www-data at mydomain.com: Internal error
> > occurred. Refer to server log for more information.
> > 
> > (Another quick question:  which server log should I check?)
> > 
> > So, if anyone can tell me what's going on with all these logins,
> > I'd be much obliged!
> 
>    I see them all the time on the mail servers I run.  Typical kids 
> trying to mess with other people's stuff.  I run fail2ban to catch
> those log entries and block the source IP address for a month on the
> first failed login.  At any one time I have between 12,000 and 15,000
> addresses in my blocked list for IMAP.

Dave, that's exactly the kind of answer I was looking for.  Fail2ban,
huh?  I'll have to check that out.  Thanks again!

Ken
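
Added example (not part of either poster's message, and not fail2ban's own filter): a short log triage script that applies the policy Dave describes, one failed login means a 30-day ban, to Dovecot log lines. It separates `imap-login`/`pop3-login` auth failures, which carry a remote address in `rip=`, from `lmtp` recipient-lookup errors like the one quoted above, which arrive over a local unix socket at delivery time and have no source IP to block. The function names are hypothetical, and every sample line except the quoted lmtp one is constructed, using documentation address ranges.

```python
import re
from collections import Counter
from datetime import timedelta

# Policy described in the thread: ban on the first failed login, for a month.
MAX_FAILURES = 1
BAN_TIME = timedelta(days=30)

# Failed IMAP/POP3 logins carry the client's address in rip=.
LOGIN_FAIL = re.compile(
    r"dovecot: (?:imap|pop3)-login: .*\(auth failed, \d+ attempts.*?"
    r"\buser=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")
# LMTP recipient lookups happen at delivery time over a local socket: no rip=.
LMTP_LOOKUP = re.compile(
    r"dovecot: lmtp\(\d+\): Error: .*\brcpt (?P<rcpt>.+?): Failed to lookup user")

# The lmtp line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Jan  7 22:50:11 grace dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin@mydomain.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<constructed1>
Jan  7 22:50:19 grace dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<www-data@mydomain.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<constructed2>
Jan  7 22:51:40 grace dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 9 secs): user=<info@mydomain.com>, method=LOGIN, rip=2001:db8::5, lip=192.0.2.10, session=<constructed3>
Jan  7 22:51:55 grace dovecot: imap-login: Login: user=<ken@mydomain.com>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, mpid=776300, TLS, session=<constructed4>
Jan  7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com: Failed to lookup user www-data at mydomain.com: Internal error occurred. Refer to server log for more information.
"""

def classify(line):
    """Return (kind, source_ip, account), or None for lines we do not act on."""
    m = LOGIN_FAIL.search(line)
    if m:
        return ("login_failure", m.group("rip"), m.group("user"))
    m = LMTP_LOOKUP.search(line)
    if m:
        return ("lmtp_lookup", None, m.group("rcpt"))
    return None

def ban_candidates(log_text):
    """Map source IP -> failed-login line count for IPs at or over MAX_FAILURES."""
    hits = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[0] == "login_failure":
            hits[result[1]] += 1
    return {ip: n for ip, n in hits.items() if n >= MAX_FAILURES}

if __name__ == "__main__":
    for ip, n in ban_candidates(SAMPLE_LOG).items():
        print(f"ban {ip} for {BAN_TIME.days} days ({n} failed logins)")
```

With a threshold of one, a single mistyped password from a legitimate client lands in the ban list too, so an allowlist for known client addresses belongs in front of any real blocking step.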


