On 2017-06-23 15:09, Marcus Rueckert wrote:
On Fri, 23 Jun 2017 11:38:28 -0700 Daniel Miller <[email protected]> wrote:While auditing my logs after an account was compromised, I see a number of entries like: Jun 23 11:32:18 bubba dovecot: auth: ldap("one-of-my-accounts",127.0.0.1): invalid credentialswebmail?
I thought that as well - because I do have a webmail service - but that's on a separate virtual server (admittedly, running on this host). So that shouldn't give me a localhost IP. I also don't see anything in the webmail logs corresponding to the dovecot logs.
--- Daniel
