I only allow explicit service traffic through. IMAPS, SMTPS, etc. If doveadm is communicating via the IMAP(S) ports then all I can do via firewall is block countries. Which of course I can but I'm asking about any additional hardening for Dovecot itself.

--
Daniel

On May 13, 2023 6:25:06 PM jeremy ardley via dovecot <dovecot@dovecot.org> wrote:

On 14/5/23 09:14, Daniel L. Miller via dovecot wrote:

May 12 15:45:58 cloud1 dovecot: doveadm(194.165.16.78): Error: doveadm client not compatible with this server (mixed old and new binaries?)
May 13 03:44:31 cloud1 dovecot: doveadm(45.227.254.48): Error: doveadm client not compatible with this server (mixed old and new binaries?)

Since I don't recognize those IPs, the first is out of Panama and the 
other is Belize, I assume these are hostile attackers trying to 
exploit something. How can I defend against this?

Set up a firewall rule that only allows access from an IP range you 
control. For any other source, simply drop the connection.

You can get really fancy and use port forwarding using ssh to connect 
from remote but appear as localhost to the server. This access can be 
configured in Dovecot as well as in the firewall.


Jeremy
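
An added example, not part of the original thread or of Dovecot itself: a Python script that scans syslog lines like the two quoted above and counts doveadm connections from addresses outside the ranges you control, which lets you confirm that a firewall or listener restriction is taking effect. The trusted ranges and the last two sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Log prefix as it appears in the thread: "dovecot: doveadm(<ip>): <message>"
DOVEADM_RE = re.compile(r"dovecot: doveadm\((?P<ip>[0-9A-Fa-f:.]+)\): (?P<msg>.*)$")

# Assumption: ranges you control (loopback plus a constructed RFC 5737 documentation net).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]


def is_trusted(ip, nets=TRUSTED_NETS):
    """True if the address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def untrusted_doveadm_clients(lines, nets=TRUSTED_NETS):
    """Count doveadm connections per source IP outside the trusted networks."""
    hits = Counter()
    for line in lines:
        m = DOVEADM_RE.search(line)
        if not m:
            continue  # not a doveadm server log line
        try:
            if not is_trusted(m.group("ip"), nets):
                hits[m.group("ip")] += 1
        except ValueError:
            continue  # value in parentheses was not an IP address
    return dict(hits)


SAMPLE_LOG = [
    # The two lines quoted in the thread:
    "May 12 15:45:58 cloud1 dovecot: doveadm(194.165.16.78): Error: doveadm client not compatible with this server (mixed old and new binaries?)",
    "May 13 03:44:31 cloud1 dovecot: doveadm(45.227.254.48): Error: doveadm client not compatible with this server (mixed old and new binaries?)",
    # Constructed lines for contrast (not from the thread):
    "May 13 04:00:00 cloud1 dovecot: doveadm(127.0.0.1): Error: constructed example from loopback",
    "May 13 04:00:01 cloud1 dovecot: imap-login: Login: user=<constructed>, rip=192.0.2.10",
]

if __name__ == "__main__":
    for ip, count in sorted(untrusted_doveadm_clients(SAMPLE_LOG).items()):
        print(f"{ip}\t{count}")
```

Any address this reports reached the doveadm service from outside your own ranges, so the restriction described in the reply is not yet in place for that path.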