26 Jun
2017
26 Jun
'17
9:47 p.m.
On 2017-06-23 15:09, Marcus Rueckert wrote:
On Fri, 23 Jun 2017 11:38:28 -0700 Daniel Miller <dmiller@amfes.com> wrote:
While auditing my logs after an account was compromised, I see a number of entries like:
Jun 23 11:32:18 bubba dovecot: auth: ldap("one-of-my-accounts",127.0.0.1): invalid credentials
webmail?
I thought that as well - because I do have a webmail service - but
that's on a separate virtual server (admittedly, running on this host).
So that shouldn't give me a localhost IP. I also don't see anything in
the webmail logs corresponding to the dovecot logs.
Daniel