do a failed
pop3 auth myself, I show as "Disconnected" but the dictionary attack the
other day showed as "Aborted login".
Rodman
- Original Message -
From: "Charles Marcus"
Cc:
Sent: Friday, June 26, 2009 8:57 AM
Subject: Re: [Dovecot] Lots of pop3-logi
Well concerning my problem, I adjusted fail2ban so that it can parse the
maillog and ban IP's that have 6 incorrect pop3 logins. I had another
"attack" last night, but fail2ban got him only have 6 attempts and banned
his sorry ass.
If anyone wants to see the fail2ban config file I am using fo
I'll go ahead and lower that limit to something that fits my usage better.
Thanks Timo! You built a hell of a mail server.
Rodman
- Original Message -
From: "Timo Sirainen"
To: "Rodman Frowert"
Cc:
Sent: Thursday, June 25, 2009 2:46 PM
Subject: Re: [Dovecot] Lots of pop3-logins
Well, after going through my log files, I was hit with a dictionary based
attack. My maillog is full of about 20,000 lines of crap like this:
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1
attempts): user=, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
Jun 21 23:06:0
Jose,
Thank you for your reply. Makes me feel better everything is working
properly and resources aren't being wasted. Thank you!
Rodman
- Original Message -
From: "Jose Celestino"
To: "Rodman Frowert"
Cc:
Sent: Thursday, June 25, 2009 9:34 AM
Subject: R
Hello,
Doing a "ps aux" on my Slackware box, I have approx 100 PID's of "pop3-login's
going on. This is a production mail server, but it is getting VERY low
traffic. In fact, only 3 people can "pop3" into it. I've check their e-mail
clients, and they are not checking mail any more often tha
