From: Steve Dondley <s...@dondley.com>
> I have no idea what is triggering it for so many different users from legit
> email addresses. Still investigating. But this appears to be a fail2ban
> problem, not a dovecot problem.
My logs are filled with failed authentication from Outlook clients. The clients
seem to be trying different usernames (with/without domains), and maybe SSL/TLS
flavours. My guess is Outlook is doing some
autodiscovery/autoconfiguration thing, and
occasionally hits the right combo and successfully authenticates.
I'm not sure I would characterise this as a fail2ban problem.
Fail2ban is doing what it
says on the side of the tin: looking for repeated authentication failures, and
blocking those that fail too many times. The real problem is Outlook
fumble around
for the correct settings, and mimicking a brute force attack.
I've had great difficulty getting some Outlook clients to configure exactly the
settings it should have (like excluding domain names from usernames). Try
running his command line using Windows-R (not from cmd.exe).
outlook.exe /PIM NoEmail
This will avoid the auto-setup process that railroads you into frustration.
MacOSX Mail app tries the same stuff, but at least you can turn that
behaviour off and stop it from second guessing your settings.
Joseph Tam <jtam.h...@gmail.com>
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
