I've seen similar behavior for a long time. My private server is backup MX for another one (which luckily is rarely down), and it is flooded with account cracking attempts 24/7. I also use the IP data to feed filter lists, although this probably isn't of much use.
Cheers, Hans-Martin Am 25. Mai 2026 13:18:26 schrieb Alessandro Vesely via mailop <[email protected]>: > Hi all, > > I understand that password cracking is one of today's professions, at > least among bots. They attempt a number of logins, using various names, > possibly from million-address CDs or Project Honeypot baits. I report > their IP address to AbuseIPDB and to their provider's abuse-box. > > What puzzles me is people that apparently tries using a regular mail > client. The logs I find are like so: > > 2026-05-23 13:59:26 CEST imapd: LOGIN FAILED, method=CRAM-MD5 > 2026-05-23 13:59:31 CEST imapd: LOGIN FAILED, user=EXISTING-USER@domain > 2026-05-23 13:59:37 CEST imapd: LOGOUT > > A wouldn't expect a bot to take care of logging out. These attempts > come from Italy, my country, rather than being spread around the world. > And when I look up their IP on AbuseIPDB, I find out I'm the only one > who reported it. This is disturbing, because I cannot always be sure > they're not real users screwing up their password. However, running a > family host, I know when attempts come from the wrong provider or from > the wrong town, which is most often the case. > > Recently, these attempts have been increasing. I have no autoconfig/ > autodiscover web pages, no _imap._tcp SRV records, and the name of the > IMAP server is not standard, so they must be trying the MX server. Do > mail clients do so? I recall having to give instruction on client > configuration. > > And what are they after? > > > Best > Ale > -- > > > > > > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
