> On November 29, 2017 at 5:58 AM Alex <mysqlstud...@gmail.com> wrote: > > > Hi, I'm receiving the following messages in my mail logs that I > haven't seen before: > > Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): > Username character disallowed by auth_username_chars: 0x13 (username: > AB?) > Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): > Username character disallowed by auth_username_chars: 0x13 (username: > AB?) > > There's thousands of them, from hundreds of different IP addresses. I > suspect it's an exploit attempt, but does anyone know which? > > I've added a fail2ban entry, but I'd also like to make sure my dovecot > is not vulnerable. This is on a fc25 system with all updates.
0x13 is carriage return, so it could just be a mistake in the spam robots code. Aki
