Re: [Dovecot] SELinux

2009-06-10 Thread henry ritzlmayr
On Monday, 08.06.2009, at 12:58 -0700, Kenneth Porter wrote:
> I've temporarily got SELinux set to permissive mode on a fresh install on
> CentOS 5. It was blocking Dovecot's access to ~/mail because the files were
> labeled file_t. What's the correct way to label these?
>
restorecon

Henry

Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-05 Thread henry ritzlmayr
On Friday, 05.06.2009, at 09:24 +0200, Lenthir wrote: > Timo Sirainen wrote: > > On Jun 4, 2009, at 10:01 AM, Lenthir wrote: > >> Trying 127.0.0.1... > >> Connected to localhost. > >> Escape character is '^]'. > >> +OK POP3 [127.0.0.1] server ready > >> user krzys > >> +OK User name accepted, pa

Re: [Dovecot] Under POP attack - now to prevent?

2009-06-04 Thread henry ritzlmayr
On Friday, 05.06.2009, at 02:26 -0400, Timo Sirainen wrote: > On Jun 5, 2009, at 2:07 AM, henry ritzlmayr wrote: > > > Interesting for me is that you are on v1.2RC4. Timo wrote yesterday > > that with v1.2+ after every login failure the delay for the next > > attempt

Re: [Dovecot] Under POP attack - now to prevent?

2009-06-04 Thread henry ritzlmayr
On Friday, 05.06.2009, at 12:04 +1000, James Brown wrote: > Looks like we are under a dictionary login attack on our POP server: > > Jun 5 11:48:20 mail dovecot[2620]: pop3-login: Aborted login (auth > failed, 1 attempts): user=, method=PLAIN, rip=85.189.169.94, > lip=192.168.1.9 Since th

Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 12:23 -0400, Timo Sirainen wrote: > On Thu, 2009-06-04 at 18:13 +0200, henry ritzlmayr wrote: > > > > Question: > > > > Is there any way to close the connection after the > > > > first wrong user/pass combination. So an attack

Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 09:51 -0700, Mark Sapiro wrote: > On Thu, Jun 04, 2009 at 12:16:00PM +0200, henry ritzlmayr wrote: > > > > The problem: > > If the attacker wouldn't have closed and reopened the connection > > no log would have been generat

Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 18:27 +0200, Steve wrote: > > The Idea is good but I guess an option to just disconnect the attacker > > wouldn't hurt in the config file? > > > Is that not the wrong approach? I mean: all you wanted is to have a log entry > showing when there was a username/passwor

Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
> > Question: > > Is there any way to close the connection after the > > first wrong user/pass combination. So an attacker would be forced > > to reopen it? > > I think the growing delay is a better idea. The Idea is good but I guess an option to just disconnect the attacker wouldn't hurt in the

Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
ays block the attacker with a little script (fail2ban,..). Henry > -Original message- > From: dovecot-bounces+laruellec=aiderdonner@dovecot.org > [mailto:dovecot-bounces+laruellec=aiderdonner@dovecot.org] On behalf of > Noel Butler > Sent: Thursday, 4 June 2009 12:4

[Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. Dovecot Version 1.0.7 (CentOS 5.2) The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed a