Occasionally we get a user who decided they need to pop their account 3 to 4 times a second... usually I just disable their account and shout "no!", but now I have someone trying to do it repeatedly with an invalid username so I don't know who to spank. =) Before if this happened I would block the IP and wait for someone to complain... dovecot doesn't make that very easy, or at least I don't see how.
May 20 20:12:29 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:30 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:31 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:34 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:34 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username
No IP address, and we do not host thegrid.net. There are no other messages or authetication errors being logged anywhere else either. It would be helpful to have dovecot display the IP address of failed authentications as well... it allready show's it for login's.
-- James L Moser james@powweb.com PowWeb Hosting http://www.powweb.com
/(bb|[^b]{2})/, that is the Question.
mysql>SELECT * FROM user WHERE clue > 0; Empty set (0.03 sec)
Health is merely the slowest possible rate at which one can die... Health nuts are going to feel stupid someday, lying in hospitals dying of nothing...