Non-user logins?

Bernardo Reino reinob at bbmk.org
Sun Jan 9 10:11:49 UTC 2022


On Fri, 7 Jan 2022, Ken Wright wrote:

[...]

> I'll post about the second issue later; right now I wonder why I'm
> getting so many non-users trying to log in.  Am I the subject of
> concerted hacking attacks, or is there something else going on?  Some
> of the attempted logins are more-or-less random names claiming to be
> @mydomain, but at least one is a username that's really on my server,
> to wit:
>
> Jan  7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server: conn
> unix:pid=776262,uid=117 [3]: rcpt www-data at mydomain.com: Failed to
> lookup user www-data at mydomain.com: Internal error occurred. Refer to
> server log for more information.
>
> (Another quick question:  which server log should I check?)
>
> So, if anyone can tell me what's going on with all these logins, I'd be
> much obliged!

Further to what others have replied, I find it odd that invalid e-mail addresses 
(in your case, www-data at mydomain.com) manage their way to your LMTP server 
(dovecot).

Normally, your MTA (postfix, I presume) should reject e-mails to invalid 
addresses (i.e. not existing in your system -> dovecot), so that only e-mails to 
existing addresses reach LMTP at all.

So you should check your postfix configuration, and in particular
virtual_mailbox_maps, etc.

Cheers.


More information about the dovecot mailing list