LuKreme wrote the following on 26.08.2013 06:42:
> In my dovecot.conf I do not have pop3-login enabled (since I do not support
> pop3):
>
> # doveconf -n
> # 2.2.5: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.1-RELEASE i386
> auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
> disable_plaintext_auth = no
> first_valid_uid = 89
> log_path = /var/log/dovecot
> login_log_format_elements = user=<%u> %r %m %c
> mail_location = maildir:~/Maildir
> mail_max_userip_connections = 50
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox NotJunk {
>     auto = subscribe
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_key = </etc/ssl/private/dovecot.pem
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u
>   driver = sql
> }
>
> but I see thousands (tens of thousands) of
>
> dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<+VcroT7kUgBKX1KW>
> dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<kbNdoT7kWwBKX1KW>
> dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<rRWQoT7kWgBKX1KW>
> dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=<feCpoT7kfwBKX1KW>
> dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<lmTCoT7kiQBKX1KW>
> dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=<5oPcoT7ktABKX1KW>
>
> Yes, I need to install fail2ban or something on this new machine, but still...
>
>

Besides the above, if you are not going to use POP3 at all, I would close port 110 and port 995 with DROP so that these accesses go nowhere.
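The "Aborted login (auth failed ...)" lines quoted in the message can be tallied per login service and remote IP, which is the kind of check a fail2ban-style filter performs on this log. The following is an added example, not part of the original message: the sample lines are constructed (documentation addresses), and the names `parse` and `offenders`, the threshold of 5 and the 10-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format quoted in the message; none of the
# addresses or session ids below come from the thread.
FMT = ("dovecot:Aug 18 14:{m:02d}:{s:02d} {svc}: Info: Aborted login (auth failed, 1 attempts "
       "in 17 secs): user=<john>, method=PLAIN, rip={rip}, lip=198.51.100.5, session=<x>")
SAMPLE = [FMT.format(m=26, s=s, svc="pop3-login", rip="192.0.2.10") for s in (6, 10, 13, 15, 16, 18)]
SAMPLE += [FMT.format(m=40, s=0, svc="pop3-login", rip="192.0.2.10"),   # falls outside the window
           FMT.format(m=27, s=0, svc="imap-login", rip="203.0.113.7"),  # single failure, below limit
           "dovecot:Aug 18 14:28:00 imap-login: Info: Login: user=<john>, method=PLAIN, rip=203.0.113.7"]

# Matches only failed-auth lines; captures timestamp, login service, attempt count and remote IP.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<svc>[\w-]+-login): Info: "
    r"Aborted login \(auth failed, (?P<n>\d+) attempts[^)]*\): "
    r"user=<[^>]*>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")

def parse(lines, year=2013):
    """Yield (timestamp, service, remote_ip, attempts); the log has no year, so one is assumed."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["svc"], m["rip"], int(m["n"])

def offenders(lines, limit=5, window=timedelta(minutes=10)):
    """Return {(service, rip): peak failures in any sliding window} where peak >= limit."""
    events = defaultdict(list)
    for ts, svc, rip, n in parse(lines):
        events[(svc, rip)].extend([ts] * n)
    flagged = {}
    for key, stamps in events.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # shrink window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= limit:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    for (svc, rip), peak in offenders(SAMPLE).items():
        print(f"{svc} {rip}: {peak} failures within 10 minutes")
```

Keying on the service name as well as the address shows which listener is being hit, which is the detail the original poster was surprised by.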