on 11-20-2008 5:31 PM Kai Schaetzl spake the following:
Scott Silva wrote on Thu, 20 Nov 2008 16:03:04 -0800:
CentOS 4 comes with a very OLD version of dovecot. If you are using dovecot, you can get a much newer version at atrpms.net. The upgrade might be all you need to fix it.
The dovecot in CentOS 5 exhibits the same problem when hammered by dictionary attacks. Is the atrpms version newer?
Kai
You can get 1.0.15 which is the recent stable for the 1.0 series, and you can get 1.1.16 which has many new improvements over 1.0, and is the current stable branch. I think the 1.1 branch has some changes to the auth code that might help. Read the dovecot wiki for the steps you need to follow to upgrade, especially if you want to go back.
I really recommend you at least go to the 1.0 branch instead of the 0.99 beta in CentOS 4. The indexing improvements alone are worth it.