LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-27-2010, 02:23 AM   #1
cnmoore
Member
 
Registered: Sep 2010
Location: Sunnyvale, CA
Distribution: CentOS 5.5
Posts: 89

Rep: Reputation: 0
Don't need POP3 or IMAP support - can I disable?


I guess this is an unusual question as I don't find anything with Search.

I have just two admin email accounts on our server, and I access them via DirectAdmin webmail (SquirrelMail). The messages get forwarded to my gmail account.

Logwatch shows lots of Dovecot stuff. I assume that (unknown IP) 195.13.233.4 is are looking for an account they can send spam from?
Small sample:
Code:
 **Unmatched Entries**
   dovecot[2079]: auth(default): passwd-file(access,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(account,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(admin,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(administrator,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
   dovecot[2079]: auth(default): passwd-file(backup,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(data,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(informix,195.13.233.4): no passwd file: /etc/virtual//passwd: 22 Time(s)
   dovecot[2079]: auth(default): passwd-file(lizdy,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(oracle,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
   dovecot[2079]: auth(default): passwd-file(oracle8,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
   dovecot[2079]: auth(default): passwd-file(pwrchute,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
It occurs to me that since there are no valid POP3 logins at all, maybe I could somehow remove/disable the service.

But I don't know how to do that, and I don't want to break anything.
The forum mails out notifications, and the admin account needs to receive any reject messages from external SMPT servers. I don't think Dovecot has anything to do with that or with webmail, but could surely be wrong..
 
Old 09-27-2010, 02:42 AM   #2
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147Reputation: 147
In squirellmail didn't you set pop or imap ?then how can you disable it?If you disable it how you want to get mails.

You can sent mail from

telnet localhost 25

(you want to try this i.e want to send mails only from command prompt?)
 
Old 09-27-2010, 01:45 PM   #3
cnmoore
Member
 
Registered: Sep 2010
Location: Sunnyvale, CA
Distribution: CentOS 5.5
Posts: 89

Original Poster
Rep: Reputation: 0
I access SquirrelMail from DirectAdmin on my server. It's just a button and then a login screen.

The forum notifications go out via sendmail I think.

I believe Dovecot is just for supporting remote clients but my total incomprehension of mail is why I'm asking here. It's Dovecot that I'm asking about disabling.

Perhaps the multiple failed POP3 attempts aren't really much of a risk?

Last edited by cnmoore; 09-27-2010 at 05:16 PM.
 
Old 10-09-2010, 11:05 PM   #4
cnmoore
Member
 
Registered: Sep 2010
Location: Sunnyvale, CA
Distribution: CentOS 5.5
Posts: 89

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by cnmoore View Post
Perhaps the multiple failed POP3 attempts aren't really much of a risk?
I fear that the dictionary attacks on my email accounts might succeed and then they could send spam from my account.

I believe this line in iptables has stopped these pesky Chinese attackers:
DROP all -- 60.8.0.0/15 anywhere

That stops 60.8.11.54.
The IP range for that ISP "China Unicom Hebei province network" is 60.0.0.0 - 60.10.255.255 so I'm dropping them all.
 
Old 03-30-2011, 11:00 PM   #5
cnmoore
Member
 
Registered: Sep 2010
Location: Sunnyvale, CA
Distribution: CentOS 5.5
Posts: 89

Original Poster
Rep: Reputation: 0
Eventually worked this out with iptables.
http://www.linuxquestions.org/questi...ommand-871300/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to support imap and pop3 in php azza Linux - Newbie 1 03-13-2009 05:44 AM
support software selection mta + pop3 or imap + webmail guglielmo Linux - Server 0 02-16-2008 06:22 PM
pop3,imap dev_dks Linux - Networking 1 09-18-2006 04:01 AM
Pop3/imap jarrell Linux - General 6 07-15-2006 02:02 AM
courier imap can't auth. imap and pop3 adrianmak Linux - Software 1 12-11-2005 05:22 PM


All times are GMT -5. The time now is 12:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration