I guess this is an unusual question as I don't find anything with Search.
I have just two admin email accounts on our server, and I access them via DirectAdmin webmail (SquirrelMail). The messages get forwarded to my gmail account.
Logwatch shows lots of Dovecot stuff. I assume that (unknown IP) 195.13.233.4 is are looking for an account they can send spam from?
Small sample:
Code:
**Unmatched Entries**
dovecot[2079]: auth(default): passwd-file(access,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
dovecot[2079]: auth(default): passwd-file(account,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
dovecot[2079]: auth(default): passwd-file(admin,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
dovecot[2079]: auth(default): passwd-file(administrator,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
dovecot[2079]: auth(default): passwd-file(backup,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
dovecot[2079]: auth(default): passwd-file(data,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
dovecot[2079]: auth(default): passwd-file(informix,195.13.233.4): no passwd file: /etc/virtual//passwd: 22 Time(s)
dovecot[2079]: auth(default): passwd-file(lizdy,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
dovecot[2079]: auth(default): passwd-file(oracle,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
dovecot[2079]: auth(default): passwd-file(oracle8,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
dovecot[2079]: auth(default): passwd-file(pwrchute,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
It occurs to me that since there are no valid POP3 logins at all, maybe I could somehow remove/disable the service.
But I don't know how to do that, and I don't want to break anything.
The forum mails out notifications, and the admin account needs to receive any reject messages from external SMPT servers. I don't think Dovecot has anything to do with that or with webmail, but could surely be wrong..