Announcement

Collapse
No announcement yet.

EXIM auth failed - no IP registered in incident?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • EXIM auth failed - no IP registered in incident?

    We are missing IPs from some entries in the incident overview - please see the following screenshot: https://i.imgur.com/wt8InhP.png

    Is this a bug?
    It seems the system does not blacklist the IPs either.

  • #2
    IP is not detected for this incident because there is no ip in corresponding dovecot message, so this is probably dovecot misconfiguration issue. Take a look at this thread https://www.dovecot.org/list/dovecot...er/138454.html

    > This was similar to another complaint several months ago. I conjectured
    > that these attempts are SMTP AUTH, not IMAP, brute forcing. Are you
    > using the dovecots SASL feature to authenticate outgoing Email (i.e. via
    > Postfix?). Maybe you verify this hypothesis by checking the Postfix logs.

    Probably postfix tries to authenticate using dovecot SASL mechanism.

    Comment

    Working...
    X