[Dovecot] Spammers attempting SASL Auth
Simon Brereton
simon.brereton at buongiorno.com
Mon Oct 17 19:21:10 EEST 2011
On 17 October 2011 12:10, Tom Pawlowski <tompru at jla.rutgers.edu> wrote:
> Take a look at:
>
> http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c
>
> on line 536. That's the auth service catching illegal characters and
> rejecting the attempt. It'll happen with or without a valid user. So,
> working as it should.
>
> As for spammers trying to brute force valid logins, yep, pretty common.
> Higher rate of success if they can mail from a known good server and
> account.
Okay, thanks for that. That's the info/reassurance I was after. In
the meantime I've update fail2ban to take care of it. You're right
about the higher rate of success, I've just never seen a spammer try
it before - usually their resources are better spend just sending the
mail. But it's good to know that dovecot will trap and block the
illegal Chars :)
Thanks.
Simon
More information about the dovecot
mailing list