I'm getting the message
Nov 22 13:06:56 grover dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.2.3, lip=192.168.2.5, TLS: Disconnected
every second on my CentOS-6.4 server. Is this purely an informational message? Or is it an error message? And in either case, how can I stop the flood of messages?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Timothy Murphy said the following on 22/11/2013 14:12:
Nov 22 13:06:56 grover dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.2.3, lip=192.168.2.5, TLS: Disconnected
every second on my CentOS-6.4 server. Is this purely an informational message? Or is it an error message? And in either case, how can I stop the flood of messages?
If 192.168.2.3 is a Windows host, it could be infected; had a similar issue with one of my customers.
In any case, that log entry says that 192.168.2.3 is opening a TCP connection to IMAP port of 192.168.2.5 and closing it without any IMAP handshake
Ciao, luigi
- -- / +--[Luigi Rosa]-- \
The more complex the mind, the greater the need for the simplicity of play. --James Kirk, "Shore Leave"
Luigi Rosa wrote:
Nov 22 13:06:56 grover dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.2.3, lip=192.168.2.5, TLS: Disconnected
every second on my CentOS-6.4 server. Is this purely an informational message? Or is it an error message? And in either case, how can I stop the flood of messages?
If 192.168.2.3 is a Windows host, it could be infected; had a similar issue with one of my customers.
Thanks for your response. But in fact it is a Linux laptop, running KMail.
In any case, that log entry says that 192.168.2.3 is opening a TCP connection to IMAP port of 192.168.2.5 and closing it without any IMAP handshake
I've managed to stop the flood, though I'm not sure which of the steps I took had this effect. 1) I created a self-signed certificates /etc/pki/dovecot/certs/dovecot.pem and /etc/pki/dovecot/private/dovecot.pem on the server, and copied the first to /etc/pki/dovecot/certs and /etc/pki/tls/certs on the laptop. (I already had standard signed TLS certificates on both.)
2) I found that KMail on the laptop had the connection setting set to SSL/TLS on port 993, which I changed to STARTTLS on port 143.
3) I re-started dovecot on the server
4) I re-booted the laptop.
Now the flood of messages in /var/log/maillog seems to have stopped.
-
Luigi Rosa -
Timothy Murphy