On Fri, 2022-01-07 at 23:27 -0500, Dave McGuire wrote:
> On 1/7/22 11:24 PM, Ken Wright wrote:
> > My Dovecot issues continue. Right now I see at least two issues:
> > first, my logs consistently show non-users trying (and failing) to
> > log in, and I'm still unable to log in from my email client
> > (Evolution or Roundcube, either one).
> >
> > I'll post about the second issue later; right now I wonder why I'm
> > getting so many non-users trying to log in. Am I the subject of
> > concerted hacking attacks, or is there something else going on?
> > Some of the attempted logins are more-or-less random names claiming
> > to be @mydomain, but at least one is a username that's really on my
> > server, to wit:
> >
> > Jan 7 22:52:01 grace dovecot: lmtp(776281): Error: lmtp-server:
> > conn unix:pid=776262,uid=117 [3]: rcpt [email protected]:
> > Failed to lookup user [email protected]: Internal error
> > occurred. Refer to server log for more information.
> >
> > (Another quick question: which server log should I check?)
> >
> > So, if anyone can tell me what's going on with all these logins,
> > I'd be much obliged!
>
> I see them all the time on the mail servers I run. Typical kids
> trying to mess with other people's stuff. I run fail2ban to catch
> those log entries and block the source IP address for a month on the
> first failed login. At any one time I have between 12,000 and 15,000
> addresses in my blocked list for IMAP.

Dave, that's exactly the kind of answer I was looking for. Fail2ban,
huh? I'll have to check that out.

Thanks again!

Ken
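
The policy described in the quoted reply (block the source address for a month on the first failed login), replayed over Dovecot log lines as an added Python example; it is not fail2ban's code and not part of the original thread. The sample lines, the addresses and the IGNORE networks are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Dovecot login-process failure line; captures the remote address (rip=).
FAIL_RE = re.compile(
    r"dovecot: (?:imap|pop3)-login: .*\(auth failed, \d+ attempts.*\brip=([0-9A-Fa-f:.]+)")
MAX_RETRY = 1                  # act on the first failed login
BAN_TIME = timedelta(days=30)  # "a month"
# Assumption: networks you log in from yourself; these are never banned.
IGNORE = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = [
    "Jan  7 22:50:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts "
    "in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.45, lip=198.51.100.10, TLS",
    "Jan  7 22:51:30 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts "
    "in 4 secs): user=<ken>, method=PLAIN, rip=192.0.2.17, lip=198.51.100.10, TLS",
    "Jan  7 22:52:01 mail dovecot: lmtp(1234): Error: lmtp-server: conn "
    "unix:pid=1200,uid=117 [3]: rcpt user@example.org: Failed to lookup user",
    "Jan  7 22:53:40 mail dovecot: imap-login: Login: user=<ken>, method=PLAIN, "
    "rip=198.51.100.77, lip=198.51.100.10, TLS",
    "Jan  7 22:55:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts "
    "in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.45, lip=198.51.100.10",
]

def bans_from_log(lines, year=2022):
    """Replay syslog lines in order and return {ip: ban expiry}."""
    failures, banned = {}, {}
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins, LMTP delivery errors, etc.
        ip = m.group(1)
        if any(ipaddress.ip_address(ip) in net for net in IGNORE):
            continue  # our own networks are exempt
        # Syslog timestamps carry no year, so one is supplied.
        stamp = f"{year} " + " ".join(line.split()[:3])
        when = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        if ip in banned and when < banned[ip]:
            continue  # already blocked; the ban is not extended
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= MAX_RETRY:
            banned[ip] = when + BAN_TIME
            failures[ip] = 0
    return banned

if __name__ == "__main__":
    for ip, until in bans_from_log(SAMPLE).items():
        print(f"ban {ip} until {until:%Y-%m-%d %H:%M}")
```

The ignore list matters with a first-failure policy: a mail client on your own network that sends one bad password would otherwise be blocked for the full month. The LMTP delivery error carries no rip= field, so it is never counted as a login failure.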
