[Dovecot] 64.31.19.48 attempt to break into my computer

Rick Romero rick at havokmon.com
Thu Sep 22 17:34:17 EEST 2011


Quoting Mike Cardwell <dovecot at lists.grepular.com>:

> On 22/09/11 15:21, Ralf Hildebrandt wrote:
>
>
> Perhaps, if you have a list of the plain text passwords in advance you
> could use ClamAV. In our case, we don't as we're using an AD. I actually
> copied the ClamAV tcp and local interface API so that any MTA which can
> plug in to ClamAV is also able to plug into Kochi. That's one of the
> things the framework provides.

There are additional 'non-official' ClamAV signatures that are meant  
to detect phishing attempts.
They do work, but aren't perfect.

I'm fortunate enough to be on the phishing list, so I wrote a quickie  
perl script that will grep the logs for all the recipients and then  
scan their INBOX for the phishing email and remove it before they read  
it.

Rick





More information about the dovecot mailing list