[Dovecot] 64.31.19.48 attempt to break into my computer

Alex other at ahhyes.net
Fri Sep 23 01:28:07 EEST 2011


It is a great tool. Unfortunately dovecot allows infinate incorrect logins during a single session. When fail2ban has firewalled the ip its pointless as the rule only affects new sessions, not established ones. I am disappointed that the author of dovecot has no interest in adding a feature that closes the session after x auth failures. It would certainly make tools like fail2ban more effective.

----- Reply message -----
From: "John Alexander" <john.alexander at preachain.org>
Date: Fri, Sep 23, 2011 00:13
Subject: [Dovecot] 64.31.19.48 attempt to break into my computer
To: <dovecot at dovecot.org>

Fail2Ban is an excellent tool to deal with this sort of thing.


On Mon, 19 Sep 2011 10:05:47 -0700, Rick Baartman wrote
> >From my secure log:
> 
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check 
> pass; user unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): 
> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= 
> rhost=::ffff:64.31.19.48 
> Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): 
> error retrieving information about user aaron


More information about the dovecot mailing list