Glenn English writes:
I'm getting a lot of what I think is a local socket asking
dovecot:auth to verify username/passwords:
May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost=
If dovecot-auth is getting input from a local socket, then rhost
information is irrelevant since the host doing the asking is the server
itself (maybe from another daemon connected to a remote host).
Maybe someone is brute forcing your server's Postfix authenticated
SMTP service since Postfix can be configured to use Dovecot's SASL
authentication framework.
Joseph Tam <jtam.h...@gmail.com>
