Non-user logins?

Dave McGuire mcguire at neurotica.com
Sat Jan 8 04:27:08 UTC 2022


On 1/7/22 11:24 PM, Ken Wright wrote:
> My Dovecot issues continue.  Right now I see at least two issues:
> first, my logs consistently show non-users trying (and failing) to log
> in, and I'm still unable to log in from my email client (Evolution or
> Roundcube, either one).
> 
> I'll post about the second issue later; right now I wonder why I'm
> getting so many non-users trying to log in.  Am I the subject of
> concerted hacking attacks, or is there something else going on?  Some
> of the attempted logins are more-or-less random names claiming to be
> @mydomain, but at least one is a username that's really on my server,
> to wit:
> 
> Jan  7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn
> unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com: Failed to
> lookup user www-data at mydomain.com: Internal error occurred. Refer to
> server log for more information.
> 
> (Another quick question:  which server log should I check?)
> 
> So, if anyone can tell me what's going on with all these logins, I'd be
> much obliged!

   I see them all the time on the mail servers I run.  Typical kids 
trying to mess with other people's stuff.  I run fail2ban to catch those 
log entries and block the source IP address for a month on the first 
failed login.  At any one time I have between 12,000 and 15,000 
addresses in my blocked list for IMAP.

              -Dave

-- 
Dave McGuire, AK4HZ
New Kensington, PA
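
The policy described in the reply above (block the source address for a month on the first failed login), replayed over a few log lines as an added example; it is not Dave's fail2ban configuration and not fail2ban's own filter. The regex, the 30-day reading of "a month", the allowlist entry and every sample line except the abridged lmtp one are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. The imap-login lines follow Dovecot's usual
# "auth failed ... rip=" shape with RFC 5737 documentation addresses; the
# lmtp line is abridged from the one quoted in the message above.
SAMPLE_LOG = """\
Jan  7 22:50:11 grace dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin@mydomain.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan  7 22:51:40 grace dovecot: imap-login: Login: user=<ken>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, TLS
Jan  7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com: Failed to lookup user www-data at mydomain.com: Internal error occurred.
Jan  7 23:10:09 grace dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<ken>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, TLS
Feb 10 00:00:00 grace dovecot: imap-login: Aborted login (auth failed, 1 attempts in 1 secs): user=<test>, method=PLAIN, rip=198.51.100.99, lip=192.0.2.10
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dovecot: (?:imap|pop3)-login: .*"
    r"\(auth failed, \d+ attempts[^)]*\):.*\brip=(?P<ip>[0-9a-fA-F.:]+)")

BAN_FOR = timedelta(days=30)      # assumption: "a month" taken as 30 days
ALLOWLIST = {"198.51.100.4"}      # hypothetical: the admin's own client address


def ban_table(log_text, year=2022):
    """Replay a log and return {ip: ban_expiry}, banning on the first failure."""
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            # Successful logins do not match, and neither does the LMTP error:
            # it arrives over a local unix socket and has no rip= to block.
            continue
        if m["ip"] in ALLOWLIST:
            continue  # never lock out a known-good address over one typo
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = " ".join(m["ts"].split())
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        bans[m["ip"]] = when + BAN_FOR
    return bans


def active_bans(bans, now):
    """Addresses whose ban has not yet expired at `now`."""
    return sorted(ip for ip, until in bans.items() if until > now)


if __name__ == "__main__":
    table = ban_table(SAMPLE_LOG)
    for ip, until in table.items():
        print(f"{ip} banned until {until}")
    print("still banned on 2022-02-15:", active_bans(table, datetime(2022, 2, 15)))
```

With a one-strike threshold, the allowlist is what keeps a single mistyped password from locking out a legitimate client for the whole ban period.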

