Hi!
I’m new to the list, and I’m not really having a ‘problem’, but I’m seeing something in my log files that I wonder if I should be concerned. I’ve been using Dovecot (dovecot-0.99.14-8.fc4) on my Fedora Core 4 (kernel 2.6.17-1.2142_FC4) machine from quite some time. For the last few days, I’ve been seeing this in my daily ‘Logwatch’ e-mail: dovecot: Authentication Failures: rhost= : 139 Time(s) root: 13 Time(s) Unknown Entries: check pass; user unknown: 139 Time(s) So it looks pretty obvious that someone (using root and an assortment of other login names) is trying to access by dovecot server. My first ‘issue’ is I can’t find a log file anywhere that tells me the IP address of the attacker. I see a series of ‘authentication failure’ messages in my /log/messages file: May 29 21:23:35 mydomainname dovecot(pam_unix)[15317]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root May 29 21:23:35 mydomainname dovecot(pam_unix)[15318]: check pass; user unknown May 29 21:23:35 mydomainname dovecot(pam_unix)[15318]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= May 29 21:23:36 mydomainname dovecot(pam_unix)[15320]: check pass; user unknown May 29 21:23:36 mydomainname dovecot(pam_unix)[15320]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= But I don’t find anything in any other log files to indicate where this is coming from. Secondly, I’m wondering if I have anything to be concerned about. Thanks in advance for you help! Jon No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.3/824 - Release Date: 5/29/2007 1:01 PM