Am 17.10.2011 17:16, schrieb Simon Brereton:> Hi
>
> This is a new one on me - I've never seen spammers attempt to use to
SASL Auth to inject spam. None of the users they are trying (newsletter, dummy,
test, etc.) exist, but what worries me is the illegal chars error - is this a
known vulnerability in dovecot they are trying to exploit? I'm running
1:1.2.15-7 installed from apt-get..
>
> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from
unknown[208.86.147.92]
> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter at
mydomain.net,208.86.147.92): Attempted login with password having illegal chars
> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1
attempts): user=<test at mydomain.net>, method=PLAIN, rip=208.86.147.92,
lip=83.170.64.84
> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname
default-208-86-147-92.nsihosting.net verification failed: Name or service not
known
>
>
> Simon
>
this maybe a brute force attack,or more easy someone missconfigured his
client , you may use fail2ban etc to block it
not directly related to dovecot
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria