It seems there was some kind of attack against dovecot on my server (CentOS-5.5) with a hundred or so logwatch entries like: ========================================= **Unmatched Entries** dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user admin dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user webmaster ========================================= I googled for this, and it seems quite a common occurrence. Basically, I'm wondering whether this is best met at the dovecot level, or at my firewall? I'm running shorewall, and I see advice to impose a time-interval between successive attempts like these, but I'm not sure of the best way to do this? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland