[CentOS] Dovecot under brute force attack - nice attacker

Thu Jun 4 10:18:35 UTC 2009
Henry Ritzlmayr <fedora-list at rc0.at>

Am Donnerstag, den 04.06.2009, 10:31 +0200 schrieb Kai Schaetzl:
> Henry Ritzlmayr wrote on Thu, 04 Jun 2009 08:21:04 +0200:
> 
> > the logs you are referring to are only produced if you enable 
> > 
> > auth_verbose = yes
> > 
> > right?
> 
> That's possible, I didn't check. In that case and if I recall right I 
> added that directive because I was missing the IP numbers in some log 
> lines.
> 
> > 
> > Which (when I read the docs correctly) should only be used for figuring
> > out why authentication isn't working. 
> 
> And that's maybe why they log only the last occurence. Nice hole :-)
> 
> > 
> > If you disable auth_verbose those logs should be gone, and only the last
> > try gets logged as I stated.
> 
> I won't test that, but I can believe that. I suggest you take this issue 
> over to the dovecot mailing list, it's not CentOS-specific.
> 
> Kai
> 

It's on the dovecot mailing list now.

thanks
Henry