[Dovecot] auth trouble

Glenn English ghe at slsware.com
Wed Jun 6 02:08:07 EEST 2012

On Jun 5, 2012, at 3:53 PM, /dev/rob0 wrote:

> What suspicions were confirmed?

At first I thought that somebody was TCP'ing in and somehow 
turning off the remote IP in the log so I couldn't block it. 
Then an answer from another mailing list, and a little thinking, 
made it occur to me that maybe my server had been penetrated.

> And these brute force attempts would be logged, each one.

They are, with no rhost. And there are other brute force attempts 
that *do* have IPs.

> I think you are overreacting.

I really hope so. What's your thinking? Have you seen this before? 
And most important: what is it, how does it work, and how do I get 
rid of it and keep it from coming back?

Glenn English
hand-wrapped from my Apple Mail

More information about the dovecot mailing list