similar to: POP3 Dictionary Attack Causes Complete Dovecot Failure Without Notice

Greetings, I am running 64 bit Ubuntu server 10.04.04, postfix 2.7.0, and dovecot 1.2.9. I installed the dovecot-postfix package so the two would be configured to work together. >From localhost I can send and receive email to/from arbitrary remote sites without any problems. I wish to send & receive email from my (remote) desktop via Thunderbird through that sever. When I attempt to

I am trying to install dovecot as a second pop3 service in my RH9 system. It is a Cpanel based system using Courier for primary IP By primary I mean all the other domains use courier on xxx.xxx.xxx.21 port 110 I have a domain with special pop3 needs that is dedicated to xxx.xxx.xxx.22 port 110 The two mail systems are installed, I can tell via telenet that dovecot is listening and

Looks like we are under a dictionary login attack on our POP server: Jun 5 11:48:20 mail dovecot[2620]: pop3-login: Aborted login (auth failed, 1 attempts): user=<audrey>, method=PLAIN, rip=85.189.169.94, lip=192.168.1.9 Jun 5 11:48:24 mail dovecot[2620]: pop3-login: Aborted login (auth failed, 1 attempts): user=<august>, method=PLAIN, rip=85.189.169.94, lip=192.168.1.9 Jun

I've mentioned this before but only heard from one other person who has experienced this, but it's becoming a pretty serious issue. The situation: A spammer sets a bot on a fishing attempt to gain email addresses, causing numerous login processes to spawn and suck up all available resources. The problem: Obviously this can act like a dos attack, but the real issue is after the

Hi, I can't seem to get dovecot to work. When I connect with thunderbird, tbird complains that it can't find the settings for my email. When I connect with evolution, it seems to go through all the motions but it doesn't pick up the waiting messages. Those messages are marked Status: O s if it had read them. The log file for tbird looks like this: Jul 18 17:03:21 why dovecot:

In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3): # doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN disable_plaintext_auth = no first_valid_uid = 89 log_path = /var/log/dovecot login_log_format_elements = user=<%u> %r %m %c mail_location = maildir:~/Maildir

Below is my configuration # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 3.0.0-17-server x86_64 Ubuntu 11.10 auth_mechanisms = plain login mail_location = maildir:/nfs/users/%u/Maildir passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } protocols = " imap pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix

Hi, I been using dovecot for awhile and its been solid, however I been having some issues with dictionary attacks. I installed fail2ban and for the most part is working fine. However today I got another spammer relaying through my server. Looking at the logs I see the following dictonary attack from 94.242.206.37 Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,

Hi , I have a problem with Authentication.I don't no, where is the problem,Can anyone help me undestand this problem. Thanks in Advance here is some files: The configuration file dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login

Hi! Sorry for my english... I recently know about dovecot and I try to use it on my server. Previously I used qmail+vpopmail+courier and now I want to use postfix+dovecot and, to mantain all my mailboxes structure, I try to use dovecot with vpopmail. During configuration the script detects my vpopmail installation and configuration and after I get this status: Install prefix

Hi hoping someone can help me a little with this one. I have 2 mail servers, the incoming mail server runs dovecot and the outgoing mail server runs postfix with sasl. Lately I noticed a lot of spammers are running dictionary attacks on my incoming server and then using that user/password for sasl on the outgoing server. The weird thing is I never see on the logs the guessed

I was looking at my maillog and it looks like someone is trying to get into my pop3 server. Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9

Hi I try to use windbind rule to authenticate users in dovecot login procedure. /etc/nsswitch.conf file: passwd: files winbind shadow: files winbind group: files winbind Configuration of the dovecot is follows: log_path: /var/log/dovecot/error.log info_log_path: /var/log/dovecot/info.log protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/pki/tls/certs/dovecot.pem ssl_key_file:

Hi I have a problem whereby Dovecot 1.0.7 is reporting that a recently setup virtual user in /etc/dovecot_passdb is 'unknown'. I have been trying to setup the user 'info' in a plaintext passwd-file /etc/dovecot_passdb as a virtual user, ie non system user. I suspect I have not properly setup 'info' as a virtual imap user... if so, how should I do this? Existing system

Hello everyone, Since the upgrade to 1.0.alpha3 I experience a strange problem with plaintext authentication. I successfully login first few (2-5) times after the dovecot restart, and then on a reason I cannot login any more (both via POP3 and IMAP). I tried to find out what could be the reason for this but I failed. Nothing is changed inside the user's home directory or

Hi! I'm using: Dovecot 1.0.beta8 OpenBSD 3.9 KMail 1.9.3 My password file contains only one user now. I've changed its password to a dumb one: 'asd' (so this is not a wrong password failure :) I've configured the PLAIN and DIGEST-MD5 mechanisms in dovecot.conf, and I'm only using pop3. Also I've turned on the verbose auth logging, and I'm attaching the logs

After updating From Dovecot 1.07 (included with CentOS 5) to 2.11, NTLM authentication will not work. Attempts to authenticate against Samba version 4.0.4-GIT-20cb7de also fail with 'auth: Info: winbind(?,192.168.2.100): user not authenticated: NT_STATUS_UNSUCCESSFUL', despite the fact that the same user can sign on to the Samba domain and access files. What I'm really trying to

Have you tried just using the the filter dovecot.conf come with the fail2ban? # cat /etc/fail2ban/filter.d/dovecot.conf ...... failregex = ^%(__prefix_line)s(?:%(__pam_auth)s(?:\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$ ^%(__prefix_line)s(?:pop3|imap)-login: (?:Info: )?(?:Aborted

Got all the Postfix errors fixed but maybe one, so I don't think that's involved in this mix any more. I had a domain definition problem, got that sorted. The accounts' logins are correct. I tried several from the shell, and they let me in. Here's the minus-n output, not very different from the first time I posted it: # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf #

Hello, Dovecot log is showing too many POP3 RETR entries which are identical lines. I also suspect that it is causing high pop traffic eating most of the network bandwidth. Here are some of the lines out of 11009 in a day. Such pattern is observed only for few users. dovecot version is 2.1.17. ============== Mar 20 00:00:07 pi3 dovecot: pop3(user at example.com): Disconnected: Logged out