LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   security issue (http://www.linuxquestions.org/questions/slackware-14/security-issue-4175438769/)

idnotcrae 11-26-2012 09:22 AM

security issue
 
i'm a normal user and i dont know much about security, so i need ur help cuz i see strange logs when i read "logwatch" mail, it's a long but i hope u have sometime to check it and tell me what i do, thx
here are some of dovecot messsages:
Code:

--------------------- Dovecot Begin ------------------------

 **Unmatched Entries**
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:12345: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin1: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin12: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin123: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:account: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:admin: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:shop: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:smtp: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:test: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: support:support: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: test:test: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: webmaster:webmaster: 2 Time(s)
    dovecot: auth(default): client in: AUTH        1        LOGIN        service=smtp: 4 Time(s)
    dovecot: auth(default): client in: AUTH        1        PLAIN        service=pop3        lip=184.107.223.30        rip=207.150.178.12        lport=110        rport=32817        resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH        1        PLAIN        service=pop3        lip=184.107.223.30        rip=207.150.178.12        lport=110        rport=32911        resp=<hidden>: 1 Time(s)
...
...

  dovecot: auth(default): client in: AUTH        1        PLAIN        service=pop3        lip=184.107.223.30        rip=207.150.178.12        lport=110        rport=60734        resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH        1        PLAIN        service=pop3        lip=184.107.223.30        rip=207.150.178.12        lport=110        rport=60826        resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH        1        PLAIN        service=pop3        lip=184.107.223.30        rip=207.150.178.12        lport=110        rport=60896        resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH        1        PLAIN        service=pop3        lip=184.107.223.30        rip=207.150.178.12        lport=110        rport=60973        resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH        2        LOGIN        service=smtp: 3 Time(s)
    dovecot: auth(default): client in: AUTH        3        LOGIN        service=smtp: 3 Time(s)
    dovecot: auth(default): client in: AUTH        4        LOGIN        service=smtp: 1 Time(s)
    dovecot: auth(default): client in: AUTH        5        LOGIN        service=smtp: 1 Time(s)
    dovecot: auth(default): client in: CONT<hidden>: 24 Time(s)
    dovecot: auth(default): client out: CONT        1        UGFzc3dvcmQ6: 4 Time(s)
    dovecot: auth(default): client out: CONT        1        VXNlcm5hbWU6: 4 Time(s)
    dovecot: auth(default): client out: CONT        2        UGFzc3dvcmQ6: 3 Time(s)
    dovecot: auth(default): client out: CONT        2        VXNlcm5hbWU6: 3 Time(s)
    dovecot: auth(default): client out: CONT        3        UGFzc3dvcmQ6: 3 Time(s)
    dovecot: auth(default): client out: CONT        3        VXNlcm5hbWU6: 3 Time(s)
    dovecot: auth(default): client out: CONT        4        UGFzc3dvcmQ6: 1 Time(s)
    dovecot: auth(default): client out: CONT        4        VXNlcm5hbWU6: 1 Time(s)
    dovecot: auth(default): client out: CONT        5        UGFzc3dvcmQ6: 1 Time(s)
    dovecot: auth(default): client out: CONT        5        VXNlcm5hbWU6: 1 Time(s)
    dovecot: auth(default): client out: FAIL        1: 9 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=account: 8 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=admin: 32 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=bill: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=cat: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=comercial: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=contact: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=dummy: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=fax: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=fedora: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=guest: 8 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=info: 38 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=library: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=mail: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=monitor: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=newsletter: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=office: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=oracle: 6 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=postmaster: 8 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=root: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=sales: 12 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=scan: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=server: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=service: 6 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=shop: 6 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=smtp: 42 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=spam: 18 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=squid: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=support: 18 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=temp: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=test: 40 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=test1: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=user: 4 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=visitor: 2 Time(s)
    dovecot: auth(default): client out: FAIL        1        user=webmaster: 2 Time(s)
    dovecot: auth(default): client out: FAIL        2        user=admin: 3 Time(s)
    dovecot: auth(default): client out: FAIL        3        user=admin: 3 Time(s)
    dovecot: auth(default): client out: FAIL        4        user=admin: 1 Time(s)
    dovecot: auth(default): client out: FAIL        5        user=admin: 1 Time(s)
...
...

  dovecot: auth(default): new auth connection: pid=6413: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6414: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6415: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6416: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6417: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6418: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6419: 1 Time(s)
    dovecot: auth(default): plain(?,207.150.178.12): Empty username: 2 Time(s)
    dovecot: auth(default): plain(?,207.150.178.12): Username contains disallowed character: 0x3a: 26 Time(s)
   
    dovecot: auth-worker(default): mysql: Connected to localhost (mail): 2 Time(s)
    dovecot: auth-worker(default): sql(account,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'account' AND active='1': 8 Time(s)
    dovecot: auth-worker(default): sql(account,207.150.178.12): unknown user: 8 Time(s)
    dovecot: auth-worker(default): sql(admin): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'admin' AND active='1': 12 Time(s)
    dovecot: auth-worker(default): sql(admin): unknown user: 12 Time(s)
    dovecot: auth-worker(default): sql(admin,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'admin' AND active='1': 28 Time(s)
    dovecot: auth-worker(default): sql(admin,207.150.178.12): unknown user: 28 Time(s)
    dovecot: auth-worker(default): sql(bill,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'bill' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(bill,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(cat,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'cat' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(cat,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(comercial,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'comercial' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(comercial,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(contact,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'contact' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(contact,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(dummy,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'dummy' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(dummy,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(fax,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'fax' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(fax,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(fedora,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'fedora' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(fedora,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(guest,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'guest' AND active='1': 8 Time(s)
    dovecot: auth-worker(default): sql(guest,207.150.178.12): unknown user: 8 Time(s)
   
    dovecot: auth-worker(default): sql(info,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'info' AND active='1': 38 Time(s)
    dovecot: auth-worker(default): sql(info,207.150.178.12): unknown user: 38 Time(s)
    dovecot: auth-worker(default): sql(library,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'library' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(library,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(mail,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'mail' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(mail,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(monitor,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'monitor' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(monitor,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(newsletter,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'newsletter' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(newsletter,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(office,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'office' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(office,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(oracle,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'oracle' AND active='1': 6 Time(s)
    dovecot: auth-worker(default): sql(oracle,207.150.178.12): unknown user: 6 Time(s)
    dovecot: auth-worker(default): sql(postmaster,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'postmaster' AND active='1': 8 Time(s)
    dovecot: auth-worker(default): sql(postmaster,207.150.178.12): unknown user: 8 Time(s)
    dovecot: auth-worker(default): sql(root,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'root' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(root,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(sales,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'sales' AND active='1': 12 Time(s)
    dovecot: auth-worker(default): sql(sales,207.150.178.12): unknown user: 12 Time(s)
    dovecot: auth-worker(default): sql(scan,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'scan' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(scan,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(server,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'server' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(server,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(service,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'service' AND active='1': 6 Time(s)
    dovecot: auth-worker(default): sql(service,207.150.178.12): unknown user: 6 Time(s)
    dovecot: auth-worker(default): sql(shop,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'shop' AND active='1': 6 Time(s)
    dovecot: auth-worker(default): sql(shop,207.150.178.12): unknown user: 6 Time(s)
    dovecot: auth-worker(default): sql(smtp,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'smtp' AND active='1': 42 Time(s)
    dovecot: auth-worker(default): sql(smtp,207.150.178.12): unknown user: 42 Time(s)
    dovecot: auth-worker(default): sql(spam,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'spam' AND active='1': 18 Time(s)
    dovecot: auth-worker(default): sql(spam,207.150.178.12): unknown user: 18 Time(s)
    dovecot: auth-worker(default): sql(squid,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'squid' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(squid,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(support,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'support' AND active='1': 18 Time(s)
    dovecot: auth-worker(default): sql(support,207.150.178.12): unknown user: 18 Time(s)
    dovecot: auth-worker(default): sql(temp,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'temp' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(temp,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(test,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'test' AND active='1': 40 Time(s)
    dovecot: auth-worker(default): sql(test,207.150.178.12): unknown user: 40 Time(s)
    dovecot: auth-worker(default): sql(test1,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'test1' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(test1,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(user,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'user' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(user,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(visitor,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'visitor' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(visitor,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(webmaster,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'webmaster' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(webmaster,207.150.178.12): unknown user: 2 Time(s)
 
    dovecot: dict: mysql: Connected to localhost (mail): 1 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 9 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<account>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 8 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 28 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bill>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<cat>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<comercial>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<contact>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<dummy>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<fax>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<fedora>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<guest>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 8 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 38 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<library>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<mail>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<monitor>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<newsletter>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<office>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<oracle>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 6 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<postmaster>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 8 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<root>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 12 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<scan>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<server>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<service>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 6 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<shop>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 6 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<smtp>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 42 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<spam>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 18 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<squid>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<support>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 18 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<temp>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test1>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 40 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<user>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<visitor>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<webmaster>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
 
 ---------------------- Dovecot End -------------------------


tdos20 11-26-2012 12:04 PM

I would suggest using something like fail2ban to lock out malicious attempts to connect to your mail server (Dovecot)

Haythem 11-26-2012 01:50 PM

Quote:

Originally Posted by tdos20 (Post 4837370)
I would suggest using something like fail2ban to lock out malicious attempts to connect to your mail server (Dovecot)

thx for ur reply and i'll google "fail2ban" to see how can i benefit from it, but as i stated that i don't have enough experience and actually i don't know if he (based on the log) could log into the dovecot or still trying.

EDIT: i forget that i'm logging in from my other account.


All times are GMT -5. The time now is 01:29 AM.