in /var/log/dovecot.log
2023-06-07 22:40:53 auth: Info: passwd-file([email protected],154.127.86.66): unknown user
2023-06-07 22:41:00 auth: Info: passwd-file([email protected],185.247.64.171): unknown user
in /var/log/exim4/rejectlog
2023-06-07 22:41:04 dovecot_login authenticator failed for ([185.247.64.172]) [185.247.64.171]: 535 Incorrect authentication data (set_id=[email protected])
2023-06-07 22:41:06 dovecot_login authenticator failed for ([5.32.22.218]) [5.32.22.218]: 535 Incorrect authentication data (set_id=[email protected])
2023-06-07 22:41:09 dovecot_login authenticator failed for (localhost) [46.148.40.148]: 535 Incorrect authentication data (set_id=s68)
2023-06-07 22:41:09 dovecot_login authenticator failed for ([220.162.202.86]) [220.162.202.86]: 535 Incorrect authentication data (set_id=[email protected])
The unknown user ones for dovecot can be csf -d IP-blocked immediately, as far as I'm concerned. The rejectlog ones as well.
There's no proper way to fight bought bot-net attacks otherwise. Especially on servers with users that are long-time users, there's not going to be an issue banning at once.
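An added example, not part of the original issue or the project's code: a sketch of the extraction step such an immediate ban would need, pulling the source IP out of both log formats quoted above and building `csf -d` commands for review. The sample lines, the allowlist ranges and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Dovecot auth log: passwd-file(<user>,<ip>): unknown user
DOVECOT_RE = re.compile(r"passwd-file\(.*,([0-9A-Fa-f.:]+)\): unknown user")
# Exim rejectlog: "(<HELO>) [<peer>]: 535". The HELO name is client-supplied and
# can be a bracketed IP that differs from the peer, so only the peer is captured.
EXIM_RE = re.compile(
    r"dovecot_login authenticator failed for \(\S*\) \[([0-9A-Fa-f.:]+)\]: 535 ")

# Assumption: ranges that must never be blocked (loopback, a sample admin network).
ALLOWLIST = [ipaddress.ip_network(n)
             for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]

# Constructed sample lines in the two formats quoted in the issue.
SAMPLE = [
    "2023-06-07 22:40:53 auth: Info: passwd-file(user@example.com,198.51.100.7): unknown user",
    "2023-06-07 22:41:04 dovecot_login authenticator failed for ([198.51.100.9]) [198.51.100.8]: 535 Incorrect authentication data (set_id=user@example.com)",
    "2023-06-07 22:41:09 dovecot_login authenticator failed for (localhost) [203.0.113.40]: 535 Incorrect authentication data (set_id=s68)",
    "2023-06-07 22:41:10 auth: Info: passwd-file(user@example.com,192.0.2.15): unknown user",
    "2023-06-07 22:41:11 auth: Info: passwd-file(user@example.com,198.51.100.7): unknown user",
    "2023-06-07 22:41:12 auth: Info: passwd-file(user@example.com,999.1.1.1): unknown user",
]

def offending_ips(lines):
    """Return unique, validated source IPs in first-seen order."""
    seen = []
    for line in lines:
        m = DOVECOT_RE.search(line) or EXIM_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: never hand it to a command line
        if any(ip in net for net in ALLOWLIST):
            continue  # allowlisted range, skip
        if ip not in seen:
            seen.append(ip)
    return [str(ip) for ip in seen]

def csf_commands(lines):
    """Build the deny commands for review; nothing is executed here."""
    return [f"csf -d {ip}" for ip in offending_ips(lines)]

if __name__ == "__main__":
    print("\n".join(csf_commands(SAMPLE)))
```

The second sample line mirrors the first rejectlog entry in the issue, where the HELO value in parentheses differs from the connecting address; only the connecting address ends up in the output.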