[BlueOnyx:13100] Re: dovecot not registering with failed logins?

Roy Urick rurick at usa.net
Fri May 24 09:45:41 -05 2013


I'm beginning to think dovecot doesn't count...  I already have it set for 
the host to block 20/1h (20 per hour?) and it doesn't even show the 
attempts, let alone block them. If I SSH in and give it a known bad pass 
it will register two attempts from my IP so it appears to be at least 
partially working.

It looks like SSH counts, but dovecot doesn't? As you can see they are 
arriving every 20 seconds but nothing shows in the GUI.

May 24 10:34:08 BlueOnyx dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sony at domain.com>, method=PLAIN, rip=117.79.91.80, lip=172.16.102.252
May 24 10:34:29 BlueOnyx dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sophie at domain.com>, method=PLAIN, rip=117.79.91.80, lip=172.16.102.252
May 24 10:34:34 BlueOnyx dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<spike at domain.com>, method=PLAIN, rip=117.79.91.80, lip=172.16.102.252

On 5/24/2013 10:21 AM, Eric Peabody wrote:
> Roy,
>
> Your server's settings will determine if this attack will be blocked.
> Check under Security/Login Manager and see the Host rules.  They may
> need to be adjusted.
>
> If that looks ok, try running pam_abl as root from the command line and
> see if you get any errors.  If you do, you may need to delete the files
> it uses.  If you delete the files, they will be recreated
> automatically.  I mention this because I've seen these files become
> corrupted and deleting them was the only fix I could find.
>
> Eric
>
> On 5/24/13 8:46 AM, Roy Urick wrote:
>> During troubleshooting of a new server install, I noticed one single IP
>> slowly doing a dictionary attack of sorts against pop. (one attempt
>> every 30-6 seconds, user name is incrementing alphabetically)
>>
>> Even though I see all of these attempts from the one IP, that host isn't
>> showing in the failed logins GUI. Normal?
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
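
As an added example (not part of the original thread, and not BlueOnyx or pam_abl code), this script counts dovecot "auth failed" lines per remote IP straight from the mail log and reports when a host reaches a rule such as 20/1h, which gives a figure to compare against what the Login Manager GUI shows. The sample log lines, the addresses in them, the assumed year, and the reading of the rule as "N or more failures within the period" are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the dovecot login-failure line format quoted in this thread.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot:\s(?P<svc>[\w-]+):\s"
    r"Disconnected \(auth failed, (?P<n>\d+) attempts\).*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Turn a 'count/period' string such as '20/1h' into (count, timedelta)."""
    count, period = rule.split("/")
    return int(count), timedelta(seconds=int(period[:-1]) * UNITS[period[-1]])

def hosts_over_limit(lines, rule="20/1h", year=2013):
    """Return {rip: time at which its failures inside the window reached the rule}."""
    limit, window = parse_rule(rule)
    recent = defaultdict(deque)   # rip -> failure timestamps still inside the window
    tripped = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["rip"]]
        q.extend([ts] * int(m["n"]))          # one line can report several attempts
        while q and ts - q[0] > window:
            q.popleft()
        # Assumption: the rule trips at N or more failures within the period.
        if len(q) >= limit and m["rip"] not in tripped:
            tripped[m["rip"]] = ts
    return tripped

def sample_log():
    """Constructed input: one host failing every 20 s, another failing three times."""
    start = datetime(2013, 5, 24, 10, 0, 0)
    fmt = ("{:%b %d %H:%M:%S} BlueOnyx dovecot: pop3-login: Disconnected (auth failed, "
           "1 attempts): user=<user{}@example.com>, method=PLAIN, rip={}, lip=192.0.2.10")
    noisy = [fmt.format(start + timedelta(seconds=20 * i), i, "203.0.113.7") for i in range(30)]
    quiet = [fmt.format(start + timedelta(minutes=25 * i), i, "198.51.100.9") for i in range(3)]
    return noisy + quiet

if __name__ == "__main__":
    for rip, when in hosts_over_limit(sample_log()).items():
        print(f"{rip} reached 20/1h at {when}")
```

If this reports a host that the GUI never lists, the failures are reaching the log but not the counter behind the GUI.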



