Non-user logins?
Stephen Hanselman
s.hanselman at datagatesystems.com
Sat Jan 8 05:34:59 UTC 2022
Ken,
Both of my production servers see the exact same problem. What was worse I was seeing around 100K failed attempts to login to my root user. A bit of research and now my firewall ignores any attempt from PRC.
Sort of a cost of doing business
Steve Hanselman
Sent from my iPad
> On Jan 7, 2022, at 20:24, Ken Wright <daddywarlock at gmail.com> wrote:
>
> My Dovecot issues continue. Right now I see at least two issues:
> first, my logs consistently show non-users trying (and failing) to log
> in, and I'm still unable to log in from my email client (Evolution or
> Roundcube, either one).
>
> I'll post about the second issue later; right now I wonder why I'm
> getting so many non-users trying to log in. Am I the subject of
> concerted hacking attacks, or is there something else going on? Some
> of the attempted logins are more-or-less random names claiming to be
> @mydomain, but at least one is a username that's really on my server,
> to wit:
>
> Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn
> unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com: Failed to
> lookup user www-data at mydomain.com: Internal error occurred. Refer to
> server log for more information.
>
> (Another quick question: which server log should I check?)
>
> So, if anyone can tell me what's going on with all these logins, I'd be
> much obliged!
>
>
> Ken
>
More information about the dovecot
mailing list