[SOLVED] Don't need POP3 or IMAP support

cnmoore · 09-27-2010, 01:23 AM

I guess this is an unusual question as I don't find anything with Search.

I have just two admin email accounts on our server, and I access them via DirectAdmin webmail (SquirrelMail). The messages get forwarded to my gmail account.

Logwatch shows lots of Dovecot stuff. I assume that (unknown IP) 195.13.233.4 is are looking for an account they can send spam from?
Small sample:

Code:

 **Unmatched Entries**
   dovecot[2079]: auth(default): passwd-file(access,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(account,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(admin,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(administrator,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
   dovecot[2079]: auth(default): passwd-file(backup,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(data,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(informix,195.13.233.4): no passwd file: /etc/virtual//passwd: 22 Time(s)
   dovecot[2079]: auth(default): passwd-file(lizdy,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)
   dovecot[2079]: auth(default): passwd-file(oracle,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
   dovecot[2079]: auth(default): passwd-file(oracle8,195.13.233.4): no passwd file: /etc/virtual//passwd: 21 Time(s)
   dovecot[2079]: auth(default): passwd-file(pwrchute,195.13.233.4): no passwd file: /etc/virtual//passwd: 23 Time(s)

It occurs to me that since there are no valid POP3 logins at all, maybe I could somehow remove/disable the service.

But I don't know how to do that, and I don't want to break anything.
The forum mails out notifications, and the admin account needs to receive any reject messages from external SMPT servers. I don't think Dovecot has anything to do with that or with webmail, but could surely be wrong..

prayag_pjs · 09-27-2010, 01:42 AM

In squirellmail didn't you set pop or imap ?then how can you disable it?If you disable it how you want to get mails.

You can sent mail from

telnet localhost 25

(you want to try this i.e want to send mails only from command prompt?)

cnmoore · 09-27-2010, 12:45 PM

I access SquirrelMail from DirectAdmin on my server. It's just a button and then a login screen.

The forum notifications go out via sendmail I think.

I believe Dovecot is just for supporting remote clients but my total incomprehension of mail is why I'm asking here. It's Dovecot that I'm asking about disabling.

Perhaps the multiple failed POP3 attempts aren't really much of a risk?

cnmoore · 10-09-2010, 10:05 PM

Quote:

Originally Posted by cnmoore

Perhaps the multiple failed POP3 attempts aren't really much of a risk?

I fear that the dictionary attacks on my email accounts might succeed and then they could send spam from my account.

I believe this line in iptables has stopped these pesky Chinese attackers:
DROP all -- 60.8.0.0/15 anywhere

That stops 60.8.11.54.
The IP range for that ISP "China Unicom Hebei province network" is 60.0.0.0 - 60.10.255.255 so I'm dropping them all.

cnmoore · 03-30-2011, 10:00 PM

Eventually worked this out with iptables.
http://www.linuxquestions.org/questi...ommand-871300/