[CentOS] Dovecot under brute force attack - nice attacker
Henry Ritzlmayr
fedora-list at rc0.at
Thu Jun 4 10:18:35 UTC 2009
Am Donnerstag, den 04.06.2009, 10:31 +0200 schrieb Kai Schaetzl:
> Henry Ritzlmayr wrote on Thu, 04 Jun 2009 08:21:04 +0200:
>
> > the logs you are referring to are only produced if you enable
> >
> > auth_verbose = yes
> >
> > right?
>
> That's possible, I didn't check. In that case and if I recall right I
> added that directive because I was missing the IP numbers in some log
> lines.
>
> >
> > Which (when I read the docs correctly) should only be used for figuring
> > out why authentication isn't working.
>
> And that's maybe why they log only the last occurence. Nice hole :-)
>
> >
> > If you disable auth_verbose those logs should be gone, and only the last
> > try gets logged as I stated.
>
> I won't test that, but I can believe that. I suggest you take this issue
> over to the dovecot mailing list, it's not CentOS-specific.
>
> Kai
>
It's on the dovecot mailing list now.
thanks
Henry
More information about the CentOS
mailing list