[Dovecot] dovecot dictionary attacks

Timo Sirainen tss at iki.fi
Thu Nov 11 03:22:08 EET 2010

On 10.11.2010, at 23.03, PA wrote:

> However on my smtp mail server that ip is already sending out all sorts of
> spam with the sasl username of Paramus. This username Paramus never shows up
> on the dovevot dictionary attack, as a matter of fact the user Paramus is
> nowhere to be found on the dovecot log at all and I have logs going back
> months. 
> I'm just not sure how they guess the username/password as its not on any
> logs that goes back months and I don't have a dovecot record for that user. 

Well, probably obvious, but since you didn't explicitly say: You have configured Postfix to use Dovecot for authentication, not Cyrus SASL, right?..

More information about the dovecot mailing list