Non-user logins?
Bernardo Reino
reinob at bbmk.org
Sun Jan 9 10:11:49 UTC 2022
On Fri, 7 Jan 2022, Ken Wright wrote:
[...]
> I'll post about the second issue later; right now I wonder why I'm
> getting so many non-users trying to log in. Am I the subject of
> concerted hacking attacks, or is there something else going on? Some
> of the attempted logins are more-or-less random names claiming to be
> @mydomain, but at least one is a username that's really on my server,
> to wit:
>
> Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn
> unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com: Failed to
> lookup user www-data at mydomain.com: Internal error occurred. Refer to
> server log for more information.
>
> (Another quick question: which server log should I check?)
>
> So, if anyone can tell me what's going on with all these logins, I'd be
> much obliged!
Further to what others have replied, I find it odd that invalid e-mail addresses
(in your case, www-data at mydomain.com) manage their way to your LMTP server
(dovecot).
Normally, your MTA (postfix, I presume) should reject e-mails to invalid
addresses (i.e. not existing in your system -> dovecot), so that only e-mails to
existing addresses reach LMTP at all.
So you should check your postfix configuration, and in particular
virtual_mailbox_maps, etc.
Cheers.
More information about the dovecot
mailing list