[CentOS] Dovecot under brute force attack - nice attacker

Thu Jun 4 06:21:04 UTC 2009
Henry Ritzlmayr <fedora-list at rc0.at>

On Tuesday, 02.06.2009, at 17:31 +0200, Kai Schaetzl wrote:
> Henry Ritzlmayr wrote on Tue, 02 Jun 2009 14:51:23 +0200:
> 
> > ->Only the last try gets logged.
> 
> can't reproduce this. The following was done in one connection to 
> localhost.
> 
> Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
> unknown
> Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): authentication 
> failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1
> Jun  2 17:09:10 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error 
> retrieving information about user bongo
> 
> Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
> unknown
> Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): authentication 
> failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1
> Jun  2 17:09:30 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error 
> retrieving information about user bongo2
> 
> 
> Kai
> 

Hi Kai,

the logs you are referring to are only produced if you enable 

auth_verbose = yes

right?

Which (if I read the docs correctly) should only be used for figuring
out why authentication isn't working. 

If you disable auth_verbose those logs should be gone, and only the last
try gets logged as I stated.

Henry
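
Added example, not part of the original message: a Python sketch that counts the `pam_unix(dovecot:auth)` failure lines quoted above per source address, folding the `::ffff:` IPv4-mapped form onto the plain IPv4 address so one client is not counted as two. The sample lines, addresses, year, threshold and window are constructed assumptions; Henry's message ties these log lines to `auth_verbose = yes`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in the quoted log format (unwrapped); documentation addresses.
SAMPLE = """\
Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:203.0.113.7
Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:203.0.113.7
Jun  2 17:09:50 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=203.0.113.7
Jun  2 17:10:05 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:198.51.100.9
Jun  2 17:30:00 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:198.51.100.9  user=alice
"""

FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot-auth: "
    r"pam_unix\(dovecot:auth\): authentication failure;.*\brhost=(?P<rhost>\S+)")

def normalize(rhost):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto the plain IPv4 address."""
    try:
        ip = ip_address(rhost)
    except ValueError:
        return rhost  # rhost may be a hostname; keep it unchanged
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)

def failures(text, year=2009):
    """Yield (timestamp, source) per failure line; syslog has no year, so it is assumed."""
    for line in text.splitlines():
        m = FAIL.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, normalize(m["rhost"])

def offenders(text, limit=3, window=timedelta(minutes=5)):
    """Return sources with at least `limit` failures inside any `window`."""
    seen, flagged = defaultdict(list), set()
    for ts, src in sorted(failures(text)):
        # Keep only this source's failures that are still inside the window.
        seen[src] = [t for t in seen[src] if ts - t <= window] + [ts]
        if len(seen[src]) >= limit:
            flagged.add(src)
    return sorted(flagged)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```
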