[CentOS] Dovecot attack

23 Aug 2010


      It seems there was some kind of attack against dovecot on my server
(CentOS-5.5) with a hundred or so logwatch entries like:
=========================================
**Unmatched Entries**
dovecot-auth: pam_succeed_if(dovecot:auth): 
  error retrieving information about user admin
dovecot-auth: pam_succeed_if(dovecot:auth): 
  error retrieving information about user webmaster
=========================================
I googled for this, and it seems quite a common occurrence.
Basically, I'm wondering whether this is best met
at the dovecot level, or at my firewall?
I'm running shorewall, and I see advice 
to impose a time-interval between successive attempts like these,
but I'm not sure of the best way to do this?
-- 
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[CentOS] Dovecot attack