Log: dovecot-bruteforce
May 20 20:53:36 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=mailer-daemon rhost=183.62.20.2
May 20 20:53:52 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=189.56.184.189 user=www-data
May 20 20:54:06 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=210.19.112.202 user=www-data
May 20 20:54:18 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=136.143.205.93 user=www-data
May 20 20:54:29 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=122.169.105.195 user=www-data
May 20 20:54:43 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=189.44.62.218 user=www-data
May 20 20:54:56 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=122.160.77.169 user=www-data
May 20 20:55:07 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=193.253.229.100 user=www-data
May 20 20:55:20 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=www-data rhost=37.72.54.241 user=www-data
May 20 20:55:32 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=221.138.38.85 user=daemon
May 20 20:55:42 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=77.26.110.83 user=daemon
May 20 20:55:57 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=212.0.145.41 user=daemon
May 20 20:56:11 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=71.214.217.169 user=daemon
May 20 20:56:25 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=59.154.237.149 user=daemon
May 20 20:56:36 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=77.29.230.175 user=daemon
May 20 20:56:46 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=81.16.112.230 user=daemon
May 20 20:56:58 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=189.113.187.171 user=daemon
May 20 20:57:09 mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=daemon rhost=122.175.40.117 user=daemon
For: Linux servers running Dovecot (IMAP server)
Meaning: Failed Dovecot login attempts. This looks like a distributed brute-force attack coming from multiple IP addresses.
What to do: We recommend setting up active response to block the IP addresses performing the brute force.
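Detection sketch (an added example, not part of the original log entry or of any product's rule set): in the log above each source address appears only once, so a per-IP failure counter never fires. The code below groups failures by target account and flags accounts hit from several distinct addresses inside one time window. The window, the address threshold, the year and the sample lines (documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches pam_unix(dovecot:auth) failure lines; the trailing user= field is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sauth: pam_unix\(dovecot:auth\): "
    r"authentication failure;.*?\bruser=(?P<ruser>\S*)\s+rhost=(?P<rhost>\S+)"
    r"(?:\s+user=(?P<user>\S+))?")

def parse(line, year=2024):
    """Return (timestamp, target account, source IP) or None. Syslog omits the
    year, so `year` is an assumed value supplied by the caller."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"] or m["ruser"], m["rhost"]

def distributed_targets(lines, window=timedelta(minutes=5), min_ips=3):
    """Map each account hit from >= min_ips distinct sources inside one window
    to those sources. Both thresholds are illustrative assumptions."""
    events = defaultdict(list)
    for ts, user, rhost in filter(None, map(parse, lines)):
        events[user].append((ts, rhost))
    flagged = defaultdict(set)
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            ips = {ip for _, ip in evs[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[user] |= ips
    return {user: sorted(ips) for user, ips in flagged.items()}

# Constructed sample lines (documentation-range IPs), same format as the log above.
PFX = "mx1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot"
SAMPLE = [
    f"May 20 20:53:36 {PFX} ruser=mailer-daemon rhost=192.0.2.10",
    f"May 20 20:53:52 {PFX} ruser=www-data rhost=198.51.100.7 user=www-data",
    f"May 20 20:54:06 {PFX} ruser=www-data rhost=203.0.113.21 user=www-data",
    f"May 20 20:54:18 {PFX} ruser=www-data rhost=192.0.2.44 user=www-data",
    f"May 20 21:30:00 {PFX} ruser=daemon rhost=198.51.100.99 user=daemon",
    "May 20 20:55:00 mx1 dovecot: unrelated line that the parser skips",
]

if __name__ == "__main__":
    for user, ips in distributed_targets(SAMPLE).items():
        print(f"{user}: {len(ips)} distinct sources in one window: {', '.join(ips)}")
```

The first sample line has no `user=` field, as in the first line of the log above, so the parser falls back to `ruser=` for the target account.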