On 1/7/22 11:35 PM, Ken Wright wrote:
My Dovecot issues continue. Right now I see at least two issues: first, my logs consistently show non-users trying (and failing) to log in, and I'm still unable to log in from my email client (Evolution or Roundcube, either one).
I'll post about the second issue later; right now I wonder why I'm getting so many non-users trying to log in. Am I the subject of concerted hacking attacks, or is there something else going on? Some of the attempted logins are more-or-less random names claiming to be @mydomain, but at least one is a username that's really on my server, to wit:
Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn unix:pid=776262,uid=117 [3]: rcpt www-data@mydomain.com: Failed to lookup user www-data@mydomain.com: Internal error occurred. Refer to server log for more information.
(Another quick question: which server log should I check?)
So, if anyone can tell me what's going on with all these logins, I'd be much obliged!
I see them all the time on the mail servers I run. Typical kids trying to mess with other people's stuff. I run fail2ban to catch those log entries and block the source IP address for a month on the first failed login. At any one time I have between 12,000 and 15,000 addresses in my blocked list for IMAP.
Dave, that's exactly the kind of answer I was looking for. Fail2ban, huh? I'll have to check that out.
I run it under Solaris (SmartOS), but it's available on most platforms now.
Thanks again!
I'm happy to be of assistance. Good luck.
-Dave
-- Dave McGuire, AK4HZ New Kensington, PA
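
Added example, not part of the original messages: a fail2ban jail implementing the policy described in the reply above (ban the source address for a month on the first failed login). It assumes fail2ban 0.10 or later with its stock dovecot filter and `%(dovecot_log)s` path variable, placed in /etc/fail2ban/jail.local; the second ignoreip entry is a constructed placeholder.

```ini
# /etc/fail2ban/jail.local  (assumed location; overrides jail.conf)
[dovecot]
enabled  = true
# Stock filter shipped with fail2ban (filter.d/dovecot.conf)
filter   = dovecot
# Ports to block for a banned address: POP3/IMAP, submission, ManageSieve
port     = pop3,pop3s,imap,imaps,submission,465,sieve
# Resolved from fail2ban's paths-*.conf for the local distribution
logpath  = %(dovecot_log)s
# One failed login is enough to trigger a ban
maxretry = 1
# Ban duration: 30 days
bantime  = 30d
# With maxretry = 1 a single mistyped password bans the client, so
# allowlist localhost (webmail on the same host) and your own fixed
# address. 192.0.2.10 is a constructed placeholder.
ignoreip = 127.0.0.1/8 ::1 192.0.2.10
```

After reloading, `fail2ban-client status dovecot` lists the currently banned addresses, and `fail2ban-regex` run with the mail log and the dovecot filter file shows which log lines the filter actually matches.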