[CentOS] Dovecot under brute force attack - nice attacker

Thu Jun 4 08:31:19 UTC 2009
Kai Schaetzl <maillists at conactive.com>

Henry Ritzlmayr wrote on Thu, 04 Jun 2009 08:21:04 +0200:

> the logs you are referring to are only produced if you enable 
> 
> auth_verbose = yes
> 
> right?

That's possible, I didn't check. In that case and if I recall right I 
added that directive because I was missing the IP numbers in some log 
lines.

> 
> Which (when I read the docs correctly) should only be used for figuring
> out why authentication isn't working. 

And that's maybe why they log only the last occurrence. Nice hole :-)

> 
> If you disable auth_verbose those logs should be gone, and only the last
> try gets logged as I stated.

I won't test that, but I can believe that. I suggest you take this issue 
over to the dovecot mailing list, it's not CentOS-specific.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com