5 Jun
2012
5 Jun
'12
6:38 p.m.
On Jun 4, 2012, at 8:45 PM, Joseph Tam wrote:
If dovecot-auth is getting input from a local socket, then rhost information is irrelevant since the host doing the asking is the server itself (maybe from another daemon connected to a remote host).
Thanks for the confirmation of my suspicions....
Maybe someone is brute forcing your server's Postfix authenticated SMTP service since Postfix can be configured to use Dovecot's SASL authentication framework.
and for the suggestion -- I do have Postfix using Dovecot-Auth checking for SASL.
I think I'm going to re-install and run Tripwire...
-- Glenn English hand-wrapped from my Apple Mail