[Dovecot] POP3 Dictionary Attack Causes Complete Dovecot Failure Without Notice

Timo Sirainen tss at iki.fi
Tue Mar 11 09:19:24 EET 2008


On Mon, 2008-03-10 at 21:56 +0000, Sabahattin Gucukoglu wrote:
> Whenever my Dovecot installation is POP3-dictionary-attacked, a large 
> number of log entries written to /var/log/local0 from the syslog showing 
> all the POP3 login and shadow lookup failures is produced and then the 
> entire Dovecot installation crashes, master and all.  Unfortunately, it 
> was running unattended under normal use, is apparently quite hard to 
> reproduce (I wrote a Tcl script that just pipelined a load of random 
> strings with user/pass but nothing interesting happened), and leaves no 
> actual diagnosis or core dump for the crash.  Hopefully there's enough 
> information for you to at least guess what's happening.
> 
> I know some of this is outdated and a bit optimistically configured.  It's 
> my hope to get this all upgraded very soon, but thought you should have it 
> in case it turns out to be an obvious bug.
> 
> Dovecot version: 1.0rc7

I think there's a very good chance this has been fixed already. At least
no-one else has complained about it and there are pretty big v1.0
installations. For example v1.0.rc9 had:

	- Lots of fixes to login/master process handling
