On Fri, 7 Jan 2022, Ken Wright wrote:
[...]
I'll post about the second issue later; right now I wonder why I'm getting so many non-users trying to log in. Am I the subject of concerted hacking attacks, or is there something else going on? Some of the attempted logins are more-or-less random names claiming to be @mydomain, but at least one is a username that's really on my server, to wit:
Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn unix:pid=776262,uid=117 [3]: rcpt www-data@mydomain.com: Failed to lookup user www-data@mydomain.com: Internal error occurred. Refer to server log for more information.
(Another quick question: which server log should I check?)
So, if anyone can tell me what's going on with all these logins, I'd be much obliged!
Further to what others have replied, I find it odd that invalid e-mail addresses (in your case, www-data@mydomain.com) manage their way to your LMTP server (dovecot).
Normally, your MTA (postfix, I presume) should reject e-mails to invalid addresses (i.e. not existing in your system -> dovecot), so that only e-mails to existing addresses reach LMTP at all.
So you should check your postfix configuration, and in particular virtual_mailbox_maps, etc.
Cheers.