Yes, that was what I thought; since I removed those client apps from my phone I
have not had any more issues with my public IP being banned, or any line in the
log with the words "auth fail" where I log in.
It looks like most of the error logs I get here are:
(Someone trying to force SSL on a TLS 1.3 connection, probably to exploit some
vulnerability in SSL 1, 2 and 3 in case of success)
dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A00010B:SSL routines::wrong version number (disconnected before auth was ready, waited 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=XXX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed:error:0A00010B:SSL routines::wrong version number, session=<some_hash>
or this one, which looks like manual input over telnet to try something:
dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<some_hash>
Honestly, none of these IPs have good intentions or are from valid domains. I
will probably create a bash script that I will run daily to catch all of these
attempts and ban the IP forever in iptables; that is an easier way to solve this
issue than giving that person 10 minutes or hours of ban time and then letting
them retry again.
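
A daily sweep like the one described in this message could start from the sketch below, which is an added example and not part of the original post: it pulls the rip= address out of the two imap-login patterns quoted above and prints the iptables commands for review instead of running them. ALLOWLIST, THRESHOLD and the sample log (documentation-range addresses) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): dry-run sweep for the two
# imap-login patterns quoted above. ALLOWLIST and THRESHOLD are assumed knobs.
ALLOWLIST="${ALLOWLIST:-127.0.0.1 ::1}"  # IPs never to list, e.g. your own public IP
THRESHOLD="${THRESHOLD:-2}"              # matching lines needed before an IP is listed

# stdin: Dovecot log lines; stdout: "count ip" per offending remote address.
offenders() {
  grep -E 'imap-login: Disconnected: (Connection closed: SSL_accept\(\) failed: error:[0-9A-F]+:SSL routines::wrong version number|Too many invalid commands)' |
  sed -n 's/.*rip=\([0-9A-Fa-f.:]*\),.*/\1/p' |
  sort | uniq -c |
  awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    $1 + 0 >= min + 0 && !($2 in skip) { print $1, $2 }'
}

# stdin: "count ip" lines; stdout: firewall commands, printed only, never executed.
ban_commands() {
  while read -r count ip; do
    case "$ip" in
      *:*) bin=ip6tables ;;   # IPv6 addresses need the ip6tables rule set
      *)   bin=iptables ;;
    esac
    printf '%s -I INPUT -s %s -j DROP  # %s matching lines\n' "$bin" "$ip" "$count"
  done
}

# Constructed sample log, shaped like the lines quoted in the message.
sample_log() {
cat <<'EOF'
dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A00010B:SSL routines::wrong version number (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed:error:0A00010B:SSL routines::wrong version number, session=<s1>
dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, session=<s2>
dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=198.51.100.7, lip=192.0.2.1, session=<s3>
dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=203.0.113.5, lip=192.0.2.1, session=<s4>
dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=203.0.113.5, lip=192.0.2.1, session=<s5>
dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1, mpid=4242, TLS, session=<s6>
dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1, mpid=4243, TLS, session=<s7>
EOF
}

# Demo on the constructed sample; for real use feed your own log: offenders < LOGFILE | ban_commands
sample_log | offenders | ban_commands
```

Review the printed commands before applying them: a permanent DROP on a dynamic or shared address also blocks whoever holds that address next, and the allowlist is what keeps your own public IP out of the list.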