On Jun 4, 2012, at 8:45 PM, Joseph Tam wrote: > If dovecot-auth is getting input from a local socket, then rhost > information is irrelevant since the host doing the asking is the server > itself (maybe from another daemon connected to a remote host).
Thanks for the confirmation of my suspicions.... > Maybe someone is brute forcing your server's Postfix authenticated > SMTP service since Postfix can be configured to use Dovecot's SASL > authentication framework. and for the suggestion -- I do have Postfix using Dovecot-Auth checking for SASL. I think I'm going to re-install and run Tripwire... -- Glenn English hand-wrapped from my Apple Mail
