On Tue, Jun 05, 2012 at 09:38:49AM -0600, Glenn English wrote:
On Jun 4, 2012, at 8:45 PM, Joseph Tam wrote:
If dovecot-auth is getting input from a local socket, then rhost information is irrelevant since the host doing the asking is the server itself (maybe from another daemon connected to a remote host).
Thanks for the confirmation of my suspicions....
What suspicions were confirmed?
Maybe someone is brute forcing your server's Postfix authenticated SMTP service since Postfix can be configured to use Dovecot's SASL authentication framework.
And these brute force attempts would be logged, each one.
and for the suggestion -- I do have Postfix using Dovecot-Auth checking for SASL.
I think I'm going to re-install and run Tripwire...
I think you are overreacting.
http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: