29 Nov
2017
29 Nov
'17
5:58 a.m.
Hi, I'm receiving the following messages in my mail logs that I haven't seen before:
Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?) Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
There's thousands of them, from hundreds of different IP addresses. I suspect it's an exploit attempt, but does anyone know which?
I've added a fail2ban entry, but I'd also like to make sure my dovecot is not vulnerable. This is on a fc25 system with all updates.