Re: [Dovecot] SA54438

[Jay Khashan]

Hi Timo,

Thanks for the info, the version of dovecot installed is 

root@gwvmdmzmail01:~# dovecot --version
1.2.15
root@gwvmdmzmail01:~# 

Whats the safest way, without loosing data or breaking the mail system is 
recommended to upgrade dovecot to version 2.2.5?

many thanks

~Jay

> From: t...@iki.fi
> Date: Wed, 14 Aug 2013 13:14:17 +0300
> To: dovecot@dovecot.org
> Subject: [Dovecot] SA54438
> 
> http://secunia.com/advisories/54438/
> 
> Since I already got 3 private mails about this, here's the same reply for 
> everyone (actually updated, now that I looked at the code):
> 
> This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one 
> pop3 process to crash in assert, which was handling only the connection that 
> had already disconnected. (Unless you were running a non-recommended 
> configuration with multiple clients per process.) So the only problem it 
> caused was that Dovecot logged an assert error and maybe wrote a core dump.
> 
  

[Dovecot] Dovecot security

[Jay Khashan]

Hi,

THIS IS URGENT 

I have Debian Linux machine which I installed as a mail server with postfix, 
and dovecot. my mail server is setup to use SMTP relay. I currently have ports 
143, 995, 25 & SSMTP ports open. in the last few days I have been under attack 
where email is being sent to fake email address for example x...@evg-mail.org 
which does not exist in the mysql db. 

 I need to figure out and lock down dovecot, because I believe the attack is 
some kind of virus /spyware. I need to know what statement in dovecot.conf or 
main.cf (postfix) I can modify to lock it down. Also open to install software 
to combat this kind of attack. Let me know what configuration files, info do 
you need to help out


Many Thanks

~Jay