Hi all, I have a Linux mail server (CentOS 7) under attack. The OSSEC rules don't block this attack. Can somebody write a rule to fire an alert on this entry in the dovecot.log log?

Oct 17 07:45:36 imap-login: Info: Disconnected (auth failed, 1 attempts in 6 secs): user=<test...@tech2.it>, method=PLAIN, rip=177.37.96.254, lip=10.12.14.11, TLS, session=<WoaVLWZ456CxJWD+>

All the best,
Giorgio Biondi
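
Added example (not part of the original post, and not an OSSEC rule): a Python sketch of the detection the question asks for, parsing the "auth failed" line format quoted above and flagging any rip that accumulates failed attempts inside a sliding window. The threshold, the window, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern for the "auth failed" disconnect line quoted in the post.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?:imap|pop3)-login: Info: "
    r"Disconnected \(auth failed, (?P<n>\d+) attempts in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>, method=\w+, rip=(?P<rip>[0-9A-Fa-f.:]+),")

def parse(line):
    """Return (timestamp, rip, user, attempts), or None for other lines."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    # The log has no year; a fixed leap year is assumed so Feb 29 parses.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["rip"], m["user"], int(m["n"])

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=2)):
    """Map each rip that reaches `threshold` failed attempts inside a
    sliding `window` to the set of usernames it tried (assumed defaults)."""
    recent = defaultdict(list)            # rip -> [(ts, attempts, user)]
    flagged = {}
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, rip, user, attempts = event
        recent[rip].append((ts, attempts, user))
        # Keep only this source's events that are still inside the window.
        recent[rip] = [e for e in recent[rip] if ts - e[0] <= window]
        if sum(e[1] for e in recent[rip]) >= threshold:
            flagged.setdefault(rip, set()).update(e[2] for e in recent[rip])
    return flagged

# Constructed sample lines in the format of the entry above (documentation IPs).
_F = ("Oct 17 {t} imap-login: Info: Disconnected (auth failed, {n} attempts in 6 secs): "
      "user=<{u}@example.com>, method=PLAIN, rip={ip}, lip=10.0.0.5, TLS, session=<x>")
SAMPLE = [
    _F.format(t="07:45:36", n=1, u="alice", ip="203.0.113.7"),
    _F.format(t="07:45:50", n=2, u="bob", ip="203.0.113.7"),
    _F.format(t="07:46:10", n=2, u="carol", ip="203.0.113.7"),
    "Oct 17 07:46:30 imap-login: Info: Login: user=<dave@example.com>, "
    "method=PLAIN, rip=198.51.100.9, lip=10.0.0.5, TLS, session=<y>",
    _F.format(t="07:50:00", n=1, u="dave", ip="198.51.100.9"),
]

if __name__ == "__main__":
    for rip, users in brute_force_sources(SAMPLE).items():
        print(rip, sorted(users))
```

Summing the logged attempt count, rather than counting lines, matters here because Dovecot reports several failed attempts in a single disconnect line.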