Occasionally we get a user who decided they need to pop their account 3
to 4 times a second... usually I just disable their account and shout
"no!", but now I have someone trying to do it repeatedly with an
invalid
username so I don't know who to spank. =) Before if this happened I
would block the IP and wait for someone to complain... dovecot doesn't
make that very easy, or at least I don't see how.
May 20 20:12:29 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:30 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:31 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:34 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
May 20 20:12:34 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net):
invalid username
No IP address, and we do not host thegrid.net. There are no other
messages or authetication errors being logged anywhere else either. It
would be helpful to have dovecot display the IP address of failed
authentications as well... it allready show's it for login's.
--
James L Moser james at powweb.com
PowWeb Hosting http://www.powweb.com
/(bb|[^b]{2})/, that is the Question.
mysql>SELECT * FROM user WHERE clue > 0;
Empty set (0.03 sec)
Health is merely the slowest possible rate at which one can die...
Health nuts are going to feel stupid someday, lying in hospitals dying of
nothing...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: james.vcf
Type: text/x-vcard
Size: 239 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20040520/05582b22/attachment-0001.vcf>
On Thu, 20 May 2004 20:14:51 -0700 James Moser wrote:> Before if this happened I > would block the IP and wait for someone to complain... dovecot > doesn't make that very easy, or at least I don't see how.Can dovecot be built with tcpwrappers support? That would take care of the problem... hauke -- Hauke Fath /~\ The ASCII Ribbon Campaign Institut f?r Nachrichtentechnik \ / No HTML/RTF in email TU Darmstadt X No Word docs in email Ruf +49-6151-16-3281 / \ Respect for open standards
On Fri, 2004-05-21 at 06:14, James Moser wrote:> Occasionally we get a user who decided they need to pop their account 3 > to 4 times a second... usually I just disable their account and shout > "no!", but now I have someone trying to do it repeatedly with an invalid > username so I don't know who to spank. =) Before if this happened I > would block the IP and wait for someone to complain... dovecot doesn't > make that very easy, or at least I don't see how. > > May 20 20:12:29 mail05 dovecot-auth: mech-plain(jhurley at thegrid.net): > invalid usernameCurrently login process doesn't tell the IP address to auth process, so dovecot-auth doesn't even know the IP. I'll probably change this though. The logging in general should be improved and made more configurable.> No IP address, and we do not host thegrid.net. There are no other > messages or authetication errors being logged anywhere else either. It > would be helpful to have dovecot display the IP address of failed > authentications as well... it allready show's it for login's.After those "invalid username" errors it shows a failed connect with IP address. It's one of those.. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20040522/91e60e97/attachment-0001.bin>