[CentOS] Dovecot under brute force attack - nice attacker
Henry Ritzlmayr
fedora-list at rc0.at
Thu Jun 4 06:21:04 UTC 2009
Am Dienstag, den 02.06.2009, 17:31 +0200 schrieb Kai Schaetzl:
> Henry ritzlmayr wrote on Tue, 02 Jun 2009 14:51:23 +0200:
>
> > ->Only the last try gets logged.
>
> can't reproduce this. The following was done in one connection to
> localhost.
>
> Jun 2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user
> unknown
> Jun 2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): authentication
> failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1
> Jun 2 17:09:10 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error
> retrieving information about user bongo
>
> Jun 2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user
> unknown
> Jun 2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): authentication
> failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1
> Jun 2 17:09:30 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error
> retrieving information about user bongo2
>
>
> Kai
>
Hi Kai,
the logs you are referring to are only produced if you enable
auth_verbose = yes
right?
Which (when I read the docs correctly) should only be used for figuring
out why authentication isn't working.
If you disable auth_verbose those logs should be gone, and only the last
try gets logged as I stated.
Henry
More information about the CentOS
mailing list