On Tue, Dec 9, 2008 at 2:17 PM, James Pifer <[EMAIL PROTECTED]> wrote: > I was looking at my maillog and it looks like someone is trying to get > into my pop3 server. > > Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, > method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 > Dec 9 15:29:08 mailserver dovecot: pop3-login: Aborted login: > user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, > lip=::ffff:192.168.1.2 > Dec 9 15:29:14 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, > method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 > Dec 9 15:29:18 mailserver dovecot: pop3-login: Aborted login: > user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, > lip=::ffff:192.168.1.2 > Dec 9 15:29:36 mailserver dovecot: pop3-login: Aborted login: user=<alfred>, > method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 > > How worried should I bee about this? Any suggestions for dealing with > it?
>From the log snippet, it does not appear to be a distributed attack. Block 66.167.184.203 at the router -- Jeff _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos