On Tue, Dec 9, 2008 at 2:17 PM, James Pifer jep@obrien-pifer.com wrote:
I was looking at my maillog and it looks like someone is trying to get into my pop3 server.
Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9 15:29:14 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9 15:29:18 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9 15:29:36 mailserver dovecot: pop3-login: Aborted login: user=<alfred>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
How worried should I bee about this? Any suggestions for dealing with it?
From the log snippet, it does not appear to be a distributed attack.
Block 66.167.184.203 at the router