Date:  Wed, 23 Jul 2008 17:03:31 -0400
From:  Robert Fitzpatrick <lists (at mark) webtent.net>
Subject:  [coba-e:13592] Re: Dovecot/POP3 Flood
To:  coba-e (at mark) bluequartz.org
Message-Id:  <1216847011.1553.38.camel (at mark) columbus.webtent.org>
In-Reply-To:  <091d01c8ecf9$75b13a20$6601a8c0@OfficeKen>
References:  <1216778280.25751.5.camel (at mark) columbus.webtent.org>	 <091d01c8ecf9$75b13a20$6601a8c0 (at mark) OfficeKen>
X-Mail-Count: 13592

On Wed, 2008-07-23 at 12:22 -0700, Ken Marcus - Precision Web Hosting,
Inc. wrote:
> > I've seen some talk about Dovecot repeating password prompts on the list
> > and while this happens to us from time to time, the procedure for
> > restarting some things along with dbrecover always seems to work.
> > Tonight I had two servers do it at the same time, so I'm assuming a
> > flood/attack of some sort?
> >
> > Is there any recommended way or dovecot settings to avoid this from
> > happening?
> >
> 
> I think you need to install software that will check for brute force attacks 
> and block that IP.

Do you mean iptables?

> 
> Then also the flat file conversion is a very good idea.

Actually, after doing some searching, I see all the pop3-login attempts
from 81.149.98.170 in the maillog even though our SonicWall only shows
one entry just prior to the log entries. Not the IP address of the
server, but to our network address (see xxx.xx.xxx.0 here)...

07/22/2008 19:26:19.560 - Notice - Network Access - TCP connection
dropped - 81.149.98.170,
55444, X1 - 	xxx.xx.xxx.0, 110, X2 - 	TCP POP3 (Retrieve E-Mail) 29 (WAN->LAN)

I was also looking at this post about possible changes to the
dovecot.conf file? I'm not clear on what the update was applied from
Brian...

http://bluequartz.org/ml/archive/coba-e/9700/9753.html

-- 
Robert
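As an added example (not code from this thread or from Dovecot), here is the kind of check Ken's "watch for brute force and block the IP" advice implies: scan the maillog for repeated failed pop3-login attempts from one source inside a time window and render iptables rules for the offenders. The Dovecot 1.x log line layout, the sample lines and the host name are assumptions constructed for the demo; adjust `LOGIN_RE` to the real maillog before relying on it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed maillog excerpt in Dovecot 1.x syslog style (assumed format, not a real capture).
SAMPLE_MAILLOG = """\
Jul 22 19:26:20 columbus dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=81.149.98.170, lip=192.0.2.10
Jul 22 19:26:21 columbus dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=81.149.98.170, lip=192.0.2.10
Jul 22 19:26:23 columbus dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=81.149.98.170, lip=192.0.2.10
Jul 22 19:26:30 columbus dovecot: pop3-login: Login: user=<robert>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10
Jul 22 19:26:41 columbus dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=81.149.98.170, lip=192.0.2.10
Jul 22 19:27:02 columbus dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<webmaster>, method=PLAIN, rip=81.149.98.170, lip=192.0.2.10
Jul 22 19:27:05 columbus dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<robert>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10
"""

# Matches successful and failed pop3-login lines and pulls out the remote IP (rip=).
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: "
    r"(?P<result>Aborted login|Disconnected|Login)\b.*?\brip=(?P<rip>[\d.]+)"
)

def failed_logins(log_text, year=2008):
    """Yield (timestamp, source_ip) for every failed pop3-login line (syslog omits the year)."""
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m.group("result") == "Login":
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("rip")

def brute_force_sources(log_text, threshold=5, window_seconds=600):
    """Return {ip: peak_failures} for sources with >= threshold failures in any sliding window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = {}
    for ts, ip in failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # expire old failures
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def iptables_rules(ips, port=110):
    """Render (not execute) iptables rules dropping the flagged sources on the POP3 port."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP" for ip in sorted(ips)]

if __name__ == "__main__":
    hits = brute_force_sources(SAMPLE_MAILLOG)
    print(hits)                          # {'81.149.98.170': 5}
    print("\n".join(iptables_rules(hits)))
```

Run it against a real maillog with a cron job and review the rendered rules before applying them, so a shared NAT address with one mistyped password is not cut off along with the flood.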