Date:  Fri, 14 Aug 2009 19:48:54 -0400
From:  "Darrell D. Mobley" <dmobley (at mark) uhostme.com>
Subject:  [coba-e:15891] Re: Block Hacker IP from BQ and BX Server
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <1EA69CB81B99462F8140C48C598F399E@HP9925NR>
In-Reply-To:  <4A85F498.2060009 (at mark) theanchoragesylvania.com>
References:  <2DAB4EF3-1B30-4A80-9B28-05C1CAC2B271 (at mark) housleyconsulting.com.au> <BAY107-W428D49C8AE2A6E64E87003D1070 (at mark) phx.gbl> <C81E2DF7ABD74911BB472BEC43ABD0A2 (at mark) HP9925NR> <4A8333EF.1040905 (at mark) theanchoragesylvania.com> <4AC0EE4443374853B240370C4E373A02 (at mark) HP9925NR> <5D1AFDCEFF6842F0A19B3AC3A086C636 (at mark) HP9925NR> <4A85F498.2060009 (at mark) theanchoragesylvania.com>
X-Mail-Count: 15891

> -----Original Message-----
> From: Greg Kuhnert [mailto:greg.kuhnert (at mark) theanchoragesylvania.com]
> Sent: Friday, August 14, 2009 7:35 PM
> To: Darrell D. Mobley
> Cc: coba-e (at mark) bluequartz.org
> Subject: [coba-e:15887] Re: Block Hacker IP from BQ and BX Server
> 
> If we look at that line, it is saying that this user disconnected. If
> their username was provided, can we assume that they were valid logins?
> Previously, dovecot told us that there was an auth failure if a username
> is provided on a failed login attempt?
> 
> I do not see this happening on my test box.
> 
> rpm -q dovecot
> dovecot-1.1.8-0BQ3
> 
> What dovecot version are you running?

[root@www ~]# rpm -q dovecot
warning: only V3 signatures can be verified, skipping V4 signature
dovecot-1.0.13-0_68.el4

This is apparently the latest dovecot available for BQ...