[Dovecot] Spammers attempting SASL Auth
Simon Brereton
simon.brereton at buongiorno.com
Mon Oct 17 18:16:46 EEST 2011
Hi
This is a new one on me - I've never seen spammers attempt to use to SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get..
Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92]
Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at mydomain.net,208.86.147.92): Attempted login with password having illegal chars
Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test at mydomain.net>, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84
Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known
Simon
More information about the dovecot
mailing list