[BlueOnyx:16788] Re: Dovecot security
Herb Rubin
herbr at pfinders.com
Thu Jan 1 19:20:22 -05 2015
If you have pam_abl installed as a service this could also block repeated failed password attempts
from a single office IP.
tail the log to see whats happening.
tail /var/log/secure
If you do have pam_abl just restart it
service pam_abl restart
to clear out the blocked IPs
Herb
----- Original Message -----
From: "Michael Stauber" <mstauber at blueonyx.it>
To: "BlueOnyx General Mailing List" <blueonyx at mail.blueonyx.it>
Sent: Thursday, January 1, 2015 1:54:51 PM
Subject: [BlueOnyx:16786] Re: Dovecot security
Hi Robert,
> I have a customer that starts receiving 'auth failed' when checking any
> mailboxes from their office location, I have verified all logins are
> correct using Webmail. I found an error in our maillog related to one
> specific user receiving the following error.....
>
> Dec 31 09:24:09 www1 dovecot: imap-login: Disconnected: Too many invalid
> commands (auth failed, 1 attempts in 6 secs): user=...
We're using a pretty much stock Dovecot 2.2 configuration. The only
changes are related to allowed SSL ciphers and protocols and the mailbox
format and location.
Dovecot 2.2 (we're using 2.2.15) has some built in auth penalty that
kicks in if there are repeated false authentications from a given source
or user.
More information on how that works can be found here:
http://wiki2.dovecot.org/Authentication/Penalty
http://wiki2.dovecot.org/Authentication
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list