dovecot auth using 100% CPU
Steinar Bang
sb at dod.no
Fri Jul 3 12:28:41 UTC 2015
>>>>> Edward Betts <edward at 4angle.com>:
> Jorge Bastos <mysql.jorge at decimal.pt> wrote:
>> What do you see in the logs?
>> My guess is that someone is trying a brute force auth against you,
> Thanks Jorge, I think this is the answer. I'm using dovecot for exim4 SMTP
> authentication. The exim4 logs show brute force attacks.
A little late response, but since you're using debian you could try
pulling in fail2ban:
apt-get install fail2ban
fail2ban scans the logs of various services for attacks and firewalls
out the attacking IP addresses.
There are no built-in rules for exim or dovecot in the debian fail2ban
package, but there is something here that could possibly be adapted...?
http://wiki2.dovecot.org/HowTo/Fail2Ban
Here's a filter for exim:
https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/exim.conf
More information about the dovecot
mailing list