[Dovecot] Attacking Dovecot
Nikos Papadopoulos
npap at ecs.com.gr
Sat Sep 10 00:45:26 EEST 2011
Hello,
I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5
and the following configuration:
# 1.0.7: /etc/dovecot.conf
protocols: pop3
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail:INBOX=/var/mail/%u
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
pop3_client_workarounds: outlook-no-nuls oe-ns-eoh
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd
It seems that my mail server is being attacked by someone who tries to
retrieve users' credentials. Please read below an output of logwatch.
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user sandra
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tanya
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tanya
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user dark
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user dark
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user gibson
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user frank
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user frank
Besides, some of the local users receive "spam" emails, which seem to be
sent by another local user.
Please assist me on how to prevent the aforementioned attack.
Best Regards,
Nikos
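
Added example, not part of the original post and not Dovecot code: a Python tally of the pam_succeed_if messages quoted above. It rejoins the lines that logwatch wrapped, counts attempts per login name, and separates names with no local account from names that do exist. The LOCAL_USERS set and the sweep threshold of 5 are assumptions made for illustration.

```python
import re
from collections import Counter

# Message text copied from the log lines in the post; pam_succeed_if emits it
# when the account lookup for the supplied login name fails.
PATTERN = re.compile(
    r"pam_succeed_if\(dovecot:auth\): error retrieving information about user (\S+)"
)

# Log lines from the post; the first two are left wrapped as logwatch printed them.
SAMPLE_LOG = """\
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about
user sandra
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about
user tanya
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tanya
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user dark
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user dark
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user gibson
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user frank
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user frank
"""

# Constructed account list (assumption). On the server itself, build it with
# {p.pw_name for p in pwd.getpwall()} instead.
LOCAL_USERS = {"root", "nikos"}

def unknown_user_attempts(log_text):
    """Count failed-lookup events per login name, tolerating wrapped lines."""
    flat = " ".join(log_text.split())  # collapse newlines inserted by wrapping
    return Counter(PATTERN.findall(flat))

def classify(counts, local_users, sweep_threshold=5):
    """Names with no local account are guesses; names that do exist point to a
    PAM/NSS lookup problem instead. Many distinct guesses indicate a sweep."""
    unknown = {u: n for u, n in counts.items() if u not in local_users}
    existing = {u: n for u, n in counts.items() if u in local_users}
    return {"unknown": unknown, "existing": existing,
            "sweep": len(unknown) >= sweep_threshold}

if __name__ == "__main__":
    report = classify(unknown_user_attempts(SAMPLE_LOG), LOCAL_USERS)
    for name, n in sorted(report["unknown"].items()):
        print(f"{name}: {n} attempt(s), no such local account")
    print("username sweep suspected:", report["sweep"])
```

The quoted lines carry no client address, so this only shows which names are being tried; tying attempts to a source needs the pop3-login lines from the full mail log.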