[BlueOnyx:08916] Re: Curious problem with dovecot

Arbalister arbalister at gmail.com
Thu Oct 27 19:57:53 -05 2011 

Just out of curiosity, I grepped my maillog to look for those...and any that
I have show (no auth attempts) and no usernames associated with the
attempt...other then a few that are obvious attempts to brute force
(usernames like webmaster, admin, etc) that were eventually nailed by
denyhosts.

In the years I've run this box I've never had a user report anything like
what you're seeing.  Interesting...

On Thu, Oct 27, 2011 at 4:40 PM, Chris Gebhardt - VIRTBIZ Internet <
cobaltfacts at virtbiz.com> wrote:

> Dirk Estenfeld wrote:
> > Hello,
> >
> > on one blueonyx (5106R) server I have since some weeks an interesting
> problem with dovecot.
> > Users are polling mails with pop3 or imap. Every 1-2 weeks from one
> second to the other a user which have received emails all the day get
> message "please enter your password" and in /var/log/maillog I get the
> message:
> >
> > Oct 27 20:00:03 wire dovecot: pop3-login: Aborted login (auth failed, 1
> attempts): user=<abc>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8
> > Oct 27 20:01:06 wire dovecot: imap-login: Aborted login (auth failed, 1
> attempts): user=<def>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> >
> > But not all users have problems. Other user can still access via pop3 or
> imap.
> >
> > Oct 27 20:02:32 wire dovecot: pop3-login: Login: user=<abc>,
> method=PLAIN, rip=1.2.3.4, lip=5.6.7.8
> > Oct 27 20:02:37 wire dovecot: POP3(abc): Disconnected: Logged out
> top=0/0, retr=0/0, del=0/37, size=13382981
> > (some minutes later, also this user got an "Aborted login")
> >
> > I did a pam_abl -p but without success, I restarted pam_abl, no success.
> >
> > After I did a "killall -HUP dovecot" authentification for the users was
> possible again.
> > In the Moment I have no idea where the problem is. Maybe dovecoth
> auth_cache?
> >
> > Is there anybody who can give me a hint why dovecot run into trouble?
>
> Hi Dirk,
> We've run into similar issue with 5106R.  I wish I could tell you why -
> haven't gotten that far yet.  Running "service dovecot restart" always
> clears it up.   In absence of a fix, I may script something to monitor
> and restart as needed.
>
> --
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20111027/374f204a/attachment.html>

More information about the Blueonyx mailing list