On 19.09.2011 19:05, Rick Baartman wrote:
> From my secure log:
>
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48
> Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48
> Sep 19 01:16:45 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user abby
>
> etc. Literally, 30,000 user names attempted.

I can advise you to use Fail2Ban. This will block that IP address after a customizable number of failed logins.
In addition, you can `whois` this IP address and send an email to his abuse@provider.
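What a ban threshold of this kind amounts to, as an added example that is not part of the original message and not Fail2Ban's own code: a simplified Python model that counts `pam_unix` authentication failures per `rhost` and reports when a source reaches `maxretry` failures within `findtime` seconds. The function names, the threshold values, the assumed year and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the pam_unix failure line quoted above; rhost may be IPv4-mapped IPv6.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot-auth:\s"
    r"pam_unix\(dovecot:auth\):\sauthentication failure;.*\brhost=(?P<rhost>\S+)"
)

def parse_failure(line, year=2011):
    """Return (timestamp, source address) for a failure line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so one is assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    rhost = m["rhost"]
    if rhost.lower().startswith("::ffff:"):
        rhost = rhost[7:]  # strip the IPv4-mapped prefix
    return ts, rhost

def hosts_to_ban(lines, maxretry=5, findtime=600):
    """Map each source to the time it reached maxretry failures in findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # per-source failure times inside the window
    banned = {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None or hit[1] in banned:
            continue
        ts, rhost = hit
        q = recent[rhost]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[rhost] = ts
    return banned

# Constructed sample in the quoted log's format; 192.0.2.10 is a documentation address.
LINE = ("Sep 19 01:16:{:02d} lin12 dovecot-auth: pam_unix(dovecot:auth): authentication "
        "failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost={}")
SAMPLE = [LINE.format(44 + i, "::ffff:64.31.19.48") for i in range(6)]
SAMPLE.append(LINE.format(50, "192.0.2.10"))
SAMPLE.append("Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown")

if __name__ == "__main__":
    for host, when in hosts_to_ban(SAMPLE).items():
        print(f"{host} reached the threshold at {when}")
```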