On November 29, 2017 at 5:58 AM Alex <mysqlstudent@gmail.com> wrote:
Hi, I'm receiving the following messages in my mail logs that I haven't seen before:
Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
There are thousands of them, from hundreds of different IP addresses. I suspect it's an exploit attempt, but does anyone know which?
I've added a fail2ban entry, but I'd also like to make sure my dovecot is not vulnerable. This is on a fc25 system with all updates.
0x13 is carriage return, so it could just be a mistake in the spam robot's code.
Aki
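
A way to size up the log flood described above before tuning a fail2ban entry, as an added example that is not part of the original thread. The regex is derived only from the log line quoted here, the function names and the per-IP threshold are assumptions, and every sample line except the quoted one is constructed.

```python
import re
from collections import Counter

# Pattern for the Dovecot auth message quoted in the thread. The mechanism
# name and an optional extra field after the IP are allowed to vary.
REJECT_RE = re.compile(
    r"dovecot: auth: [\w-]+\([^,]*,(?P<ip>[0-9A-Fa-f.:]+)(?:,[^)]*)?\): "
    r"Username character disallowed by auth_username_chars: "
    r"0x(?P<byte>[0-9A-Fa-f]{2})"
)

def parse_line(line):
    """Return (source_ip, rejected_byte) or None if the line is unrelated."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    return m.group("ip"), int(m.group("byte"), 16)

def summarize(lines, per_ip_threshold=3):
    """Aggregate rejections per source IP and per rejected byte value."""
    per_ip, per_byte = Counter(), Counter()
    for line in lines:
        hit = parse_line(line)
        if hit:
            per_ip[hit[0]] += 1
            per_byte[hit[1]] += 1
    return {
        "total": sum(per_ip.values()),
        "distinct_ips": len(per_ip),
        # Sources that a per-IP ban rule with this threshold would catch.
        "over_threshold": sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold),
        "bytes": dict(per_byte),
    }

_MSG = "Username character disallowed by auth_username_chars: 0x13 (username: AB?)"
# Constructed sample: the first entry repeats the line quoted in the thread;
# the others are made up and use documentation address ranges.
SAMPLE = (
    [f"Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): {_MSG}"] * 2
    + [f"Nov 28 22:45:32 bwipropemail dovecot: auth: login(?,192.0.2.10): {_MSG}"] * 3
    + [f"Nov 28 22:45:33 bwipropemail dovecot: auth: plain(?,198.51.100.7,<constructed>): {_MSG}",
       "Nov 28 22:45:34 bwipropemail dovecot: imap-login: Login: user=<alice>, rip=203.0.113.5"]
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When the attempts are spread across hundreds of addresses, `distinct_ips` and `total` show the scale even if few single sources reach the per-IP threshold.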