[Dovecot] auth trouble
Glenn English
ghe at slsware.com
Wed Jun 6 02:08:07 EEST 2012
On Jun 5, 2012, at 3:53 PM, /dev/rob0 wrote:
> What suspicions were confirmed?
At first I thought that somebody was TCP'ing in and somehow
turning off the remote IP in the log so I couldn't block it.
Then an answer from another mailing list, and a little thinking,
made it occur to me that maybe my server had been penetrated.
> And these brute force attempts would be logged, each one.
They are, with no rhost. And there are other brute force attempts
that *do* have IPs.
> I think you are overreacting.
I really hope so. What's your thinking? Have you seen this before?
And most important: what is it, how does it work, and how do I get
rid of it and keep it from coming back?
--
Glenn English
hand-wrapped from my Apple Mail
More information about the dovecot
mailing list