I only allow explicit service traffic through. IMAPS, SMTPS, etc. If doveadm is communicating via the IMAP(S) ports then all I can do via firewall is block countries. Which of course I can but I'm asking about any additional hardening for Dovecot itself.

On 14/5/23 09:14, Daniel L. Miller via dovecot wrote:

May 12 15:45:58 cloud1 dovecot: doveadm(194.165.16.78): Error: doveadm 

client not compatible with this server (mixed old and new binaries?)

May 13 03:44:31 cloud1 dovecot: doveadm(45.227.254.48): Error: doveadm 

client not compatible with this server (mixed old and new binaries?)

Since I don't recognize those IPs, the first is out of Panama and the 

other is Belize, I assume these are hostile attackers trying to 

exploit something. How can I defend against this?

Set up a firewall rule that only allows access from an IP range you 

control. For any other source, simply drop the connection.

You can get really fancy and use port forwarding using ssh to connect 

from remote but appear as localhost to the server. This access can be 

configured in dovecot as well as firewall

Jeremy

_______________________________________________

dovecot mailing list -- dovecot@dovecot.org

To unsubscribe send an email to dovecot-leave@dovecot.org