On Mon, 2008-03-10 at 21:56 +0000, Sabahattin Gucukoglu wrote:
Whenever my Dovecot installation is POP3-dictionary-attacked, a large number of log entries written to /var/log/local0 from the syslog showing all the POP3 login and shadow lookup failures is produced and then the entire Dovecot installation crashes, master and all. Unfortunately, it was running unattended under normal use, is apparently quite hard to reproduce (I wrote a Tcl script that just pipelined a load of random strings with user/pass but nothing interesting happened), and leaves no actual diagnosis or core dump for the crash. Hopefully there's enough information for you to at least guess what's happening.
I know some of this is outdated and a bit optimistically configured. It's my hope to get this all upgraded very soon, but thought you should have it in case it turns out to be an obvious bug.
Dovecot version: 1.0rc7
I think there's a very good chance this has been fixed already. At least no-one else has complained about it and there are pretty big v1.0 installations. For example v1.0.rc9 had:
- Lots of fixes to login/master process handling