LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 11-26-2012, 10:22 AM   #1
idnotcrae
Member
 
Registered: May 2011
Distribution: Slackware
Posts: 121

Rep: Reputation: 0
security issue


i'm a normal user and i dont know much about security, so i need ur help cuz i see strange logs when i read "logwatch" mail, it's a long but i hope u have sometime to check it and tell me what i do, thx
here are some of dovecot messsages:
Code:
--------------------- Dovecot Begin ------------------------ 

 **Unmatched Entries**
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:12345: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin1: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin12: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: admin:admin123: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:account: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:admin: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:shop: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:smtp: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: smtp:test: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: support:support: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: test:test: 2 Time(s)
    dovecot: auth(default): auth(?,207.150.178.12): Invalid username: webmaster:webmaster: 2 Time(s)
    dovecot: auth(default): client in: AUTH	1	LOGIN	service=smtp: 4 Time(s)
    dovecot: auth(default): client in: AUTH	1	PLAIN	service=pop3	lip=184.107.223.30	rip=207.150.178.12	lport=110	rport=32817	resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH	1	PLAIN	service=pop3	lip=184.107.223.30	rip=207.150.178.12	lport=110	rport=32911	resp=<hidden>: 1 Time(s)
...
...

   dovecot: auth(default): client in: AUTH	1	PLAIN	service=pop3	lip=184.107.223.30	rip=207.150.178.12	lport=110	rport=60734	resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH	1	PLAIN	service=pop3	lip=184.107.223.30	rip=207.150.178.12	lport=110	rport=60826	resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH	1	PLAIN	service=pop3	lip=184.107.223.30	rip=207.150.178.12	lport=110	rport=60896	resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH	1	PLAIN	service=pop3	lip=184.107.223.30	rip=207.150.178.12	lport=110	rport=60973	resp=<hidden>: 1 Time(s)
    dovecot: auth(default): client in: AUTH	2	LOGIN	service=smtp: 3 Time(s)
    dovecot: auth(default): client in: AUTH	3	LOGIN	service=smtp: 3 Time(s)
    dovecot: auth(default): client in: AUTH	4	LOGIN	service=smtp: 1 Time(s)
    dovecot: auth(default): client in: AUTH	5	LOGIN	service=smtp: 1 Time(s)
    dovecot: auth(default): client in: CONT<hidden>: 24 Time(s)
    dovecot: auth(default): client out: CONT	1	UGFzc3dvcmQ6: 4 Time(s)
    dovecot: auth(default): client out: CONT	1	VXNlcm5hbWU6: 4 Time(s)
    dovecot: auth(default): client out: CONT	2	UGFzc3dvcmQ6: 3 Time(s)
    dovecot: auth(default): client out: CONT	2	VXNlcm5hbWU6: 3 Time(s)
    dovecot: auth(default): client out: CONT	3	UGFzc3dvcmQ6: 3 Time(s)
    dovecot: auth(default): client out: CONT	3	VXNlcm5hbWU6: 3 Time(s)
    dovecot: auth(default): client out: CONT	4	UGFzc3dvcmQ6: 1 Time(s)
    dovecot: auth(default): client out: CONT	4	VXNlcm5hbWU6: 1 Time(s)
    dovecot: auth(default): client out: CONT	5	UGFzc3dvcmQ6: 1 Time(s)
    dovecot: auth(default): client out: CONT	5	VXNlcm5hbWU6: 1 Time(s)
    dovecot: auth(default): client out: FAIL	1: 9 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=account: 8 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=admin: 32 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=bill: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=cat: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=comercial: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=contact: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=dummy: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=fax: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=fedora: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=guest: 8 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=info: 38 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=library: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=mail: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=monitor: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=newsletter: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=office: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=oracle: 6 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=postmaster: 8 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=root: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=sales: 12 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=scan: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=server: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=service: 6 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=shop: 6 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=smtp: 42 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=spam: 18 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=squid: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=support: 18 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=temp: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=test: 40 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=test1: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=user: 4 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=visitor: 2 Time(s)
    dovecot: auth(default): client out: FAIL	1	user=webmaster: 2 Time(s)
    dovecot: auth(default): client out: FAIL	2	user=admin: 3 Time(s)
    dovecot: auth(default): client out: FAIL	3	user=admin: 3 Time(s)
    dovecot: auth(default): client out: FAIL	4	user=admin: 1 Time(s)
    dovecot: auth(default): client out: FAIL	5	user=admin: 1 Time(s)
...
...

  dovecot: auth(default): new auth connection: pid=6413: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6414: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6415: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6416: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6417: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6418: 1 Time(s)
    dovecot: auth(default): new auth connection: pid=6419: 1 Time(s)
    dovecot: auth(default): plain(?,207.150.178.12): Empty username: 2 Time(s)
    dovecot: auth(default): plain(?,207.150.178.12): Username contains disallowed character: 0x3a: 26 Time(s)
    
    dovecot: auth-worker(default): mysql: Connected to localhost (mail): 2 Time(s)
    dovecot: auth-worker(default): sql(account,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'account' AND active='1': 8 Time(s)
    dovecot: auth-worker(default): sql(account,207.150.178.12): unknown user: 8 Time(s)
    dovecot: auth-worker(default): sql(admin): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'admin' AND active='1': 12 Time(s)
    dovecot: auth-worker(default): sql(admin): unknown user: 12 Time(s)
    dovecot: auth-worker(default): sql(admin,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'admin' AND active='1': 28 Time(s)
    dovecot: auth-worker(default): sql(admin,207.150.178.12): unknown user: 28 Time(s)
    dovecot: auth-worker(default): sql(bill,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'bill' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(bill,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(cat,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'cat' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(cat,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(comercial,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'comercial' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(comercial,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(contact,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'contact' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(contact,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(dummy,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'dummy' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(dummy,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(fax,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'fax' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(fax,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(fedora,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'fedora' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(fedora,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(guest,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'guest' AND active='1': 8 Time(s)
    dovecot: auth-worker(default): sql(guest,207.150.178.12): unknown user: 8 Time(s)
    
    dovecot: auth-worker(default): sql(info,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'info' AND active='1': 38 Time(s)
    dovecot: auth-worker(default): sql(info,207.150.178.12): unknown user: 38 Time(s)
    dovecot: auth-worker(default): sql(library,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'library' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(library,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(mail,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'mail' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(mail,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(monitor,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'monitor' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(monitor,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(newsletter,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'newsletter' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(newsletter,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(office,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'office' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(office,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(oracle,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'oracle' AND active='1': 6 Time(s)
    dovecot: auth-worker(default): sql(oracle,207.150.178.12): unknown user: 6 Time(s)
    dovecot: auth-worker(default): sql(postmaster,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'postmaster' AND active='1': 8 Time(s)
    dovecot: auth-worker(default): sql(postmaster,207.150.178.12): unknown user: 8 Time(s)
    dovecot: auth-worker(default): sql(root,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'root' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(root,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(sales,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'sales' AND active='1': 12 Time(s)
    dovecot: auth-worker(default): sql(sales,207.150.178.12): unknown user: 12 Time(s)
    dovecot: auth-worker(default): sql(scan,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'scan' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(scan,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(server,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'server' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(server,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(service,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'service' AND active='1': 6 Time(s)
    dovecot: auth-worker(default): sql(service,207.150.178.12): unknown user: 6 Time(s)
    dovecot: auth-worker(default): sql(shop,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'shop' AND active='1': 6 Time(s)
    dovecot: auth-worker(default): sql(shop,207.150.178.12): unknown user: 6 Time(s)
    dovecot: auth-worker(default): sql(smtp,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'smtp' AND active='1': 42 Time(s)
    dovecot: auth-worker(default): sql(smtp,207.150.178.12): unknown user: 42 Time(s)
    dovecot: auth-worker(default): sql(spam,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'spam' AND active='1': 18 Time(s)
    dovecot: auth-worker(default): sql(spam,207.150.178.12): unknown user: 18 Time(s)
    dovecot: auth-worker(default): sql(squid,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'squid' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(squid,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(support,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'support' AND active='1': 18 Time(s)
    dovecot: auth-worker(default): sql(support,207.150.178.12): unknown user: 18 Time(s)
    dovecot: auth-worker(default): sql(temp,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'temp' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(temp,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(test,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'test' AND active='1': 40 Time(s)
    dovecot: auth-worker(default): sql(test,207.150.178.12): unknown user: 40 Time(s)
    dovecot: auth-worker(default): sql(test1,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'test1' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(test1,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(user,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'user' AND active='1': 4 Time(s)
    dovecot: auth-worker(default): sql(user,207.150.178.12): unknown user: 4 Time(s)
    dovecot: auth-worker(default): sql(visitor,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'visitor' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(visitor,207.150.178.12): unknown user: 2 Time(s)
    dovecot: auth-worker(default): sql(webmaster,207.150.178.12): query: SELECT username AS user, password, CONCAT('/var/mail/vhosts/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = 'webmaster' AND active='1': 2 Time(s)
    dovecot: auth-worker(default): sql(webmaster,207.150.178.12): unknown user: 2 Time(s)
   
    dovecot: dict: mysql: Connected to localhost (mail): 1 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 9 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<account>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 8 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 28 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bill>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<cat>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<comercial>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<contact>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<dummy>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<fax>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<fedora>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<guest>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 8 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 38 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<library>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<mail>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<monitor>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<newsletter>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<office>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<oracle>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 6 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<postmaster>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 8 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<root>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 12 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<scan>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<server>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<service>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 6 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<shop>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 6 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<smtp>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 42 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<spam>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 18 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<squid>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<support>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 18 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<temp>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test1>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 40 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<user>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 4 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<visitor>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
    dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<webmaster>, method=PLAIN, rip=207.150.178.12, lip=184.107.223.30: 2 Time(s)
 
 ---------------------- Dovecot End -------------------------

Last edited by idnotcrae; 11-26-2012 at 10:42 AM.
 
Old 11-26-2012, 01:04 PM   #2
tdos20
Member
 
Registered: Aug 2006
Location: London
Distribution: Slackware
Posts: 103

Rep: Reputation: 29
I would suggest using something like fail2ban to lock out malicious attempts to connect to your mail server (Dovecot)
 
Old 11-26-2012, 02:50 PM   #3
Haythem
Member
 
Registered: Jun 2012
Distribution: Slackware
Posts: 51

Rep: Reputation: Disabled
Quote:
Originally Posted by tdos20 View Post
I would suggest using something like fail2ban to lock out malicious attempts to connect to your mail server (Dovecot)
thx for ur reply and i'll google "fail2ban" to see how can i benefit from it, but as i stated that i don't have enough experience and actually i don't know if he (based on the log) could log into the dovecot or still trying.

EDIT: i forget that i'm logging in from my other account.

Last edited by Haythem; 11-26-2012 at 02:53 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
security issue or not? And if so what to do? Lancelot1 Linux - Security 8 11-16-2009 04:59 PM
webmin issue, poss security issue bejiita Slackware 3 11-03-2004 07:07 AM


All times are GMT -5. The time now is 04:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration