[CentOS] Dovecot under brute force attack - nice attacker
maillists at conactive.com
Thu Jun 4 08:31:19 UTC 2009
Henry Ritzlmayr wrote on Thu, 04 Jun 2009 08:21:04 +0200:
> the logs you are referring to are only produced if you enable
> auth_verbose = yes
That's possible, I didn't check. In that case and if I recall right I
added that directive because I was missing the IP numbers in some log
> Which (when I read the docs correctly) should only be used for figuring
> out why authentication isn't working.
And that's maybe why they log only the last occurence. Nice hole :-)
> If you disable auth_verbose those logs should be gone, and only the last
> try gets logged as I stated.
I won't test that, but I can believe that. I suggest you take this issue
over to the dovecot mailing list, it's not CentOS-specific.
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the CentOS