There isn't enough information presented to assist, you'll want to refer to the wiki to increase your logging to get more detail: http://wiki.dovecot.org/Logging
What you need is the system IP that's connecting as these users, if it's local, you should be able to track that system down easily. If it's remote, block it via a firewall to lock it out.
Regarding the spam emails, they may or may not be coming from this same system, once you have more logging, you'll be able to verify that.
Jim
On Sep 9, 2011, at 4:45 PM, Nikos Papadopoulos wrote:
I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5
It seems that my mail server is being attacked by someone who tries to retrieve users' credentials.
Besides, some of the local users receive "spam" emails, which seem to be sent by another local user.