Dovecot: pop/imap login fail after SPF+DKIM+DMARC

Discussion in 'Installation/Configuration' started by jbonlinea, Apr 24, 2019.

  1. jbonlinea

    jbonlinea Member

    Hi guys

    I'm using the stretch perfect server and so far so good

    yesterday evening I edited ISPC> mail > mail domain as well as my dns zone in order to set up SPF + DKIM + DMARC and it seems to work well.

    However, I now find these dovecot errors in my /var/log/mail.log

    Do you have any clue what it is?
    I assume that now that I have declared that my server may use these domains, some robots have fun trying to connect to "my mailboxes" (some do not exist).

    Could you please confirm this hypothesis or explain to me why these errors appeared?

    Thanks in advance

    Code:
                                                                                                                       
    Apr 23 21:52:48 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=51.254.209.190, session=<kDnX7TeHwD1Z+Ku│
    Apr 23 23:17:44 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<cFKMHTmHCGBZ+Ku│
    Apr 24 00:23:10 vpsXXXXXX dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=<>, rip=107.170.238.214, lip=MY.SERVER.IP.ADDRESS, TLS handshaking: SSL_accept() syscall failed: Success, session=<XYesB│
    Apr 24 00:43:24 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<KIfuTzqHYoJZ+K│
    Apr 24 02:09:57 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<pQJ1hTuHpKRZ+Ku│
    Apr 24 03:36:53 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<tEBdvDyHEsdZ+Ku│
    Apr 24 05:03:54 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<SYOS8z2HkOlZ+K│
    Apr 24 06:31:06 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 3 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<Q7BgKz+H5g9Z+Ku│
    Apr 24 07:58:12 vpsXXXXXX dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=89.248.171.170, lip=MY.SERVER.IP.ADDRESS, session=<biTmYkCHUjJZ+Ku│
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    That does look like cracking attempts to your mail accounts.
    Fail2ban can help a little. Otherwise there is not much that can be done, the Internet is full of script kiddies trying to get into servers.
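
Added example, not part of the original thread: the log above shows one failed login roughly every 85 to 90 minutes from the same `rip`, and Fail2ban bans on a failure count inside a time window (its `maxretry` and `findtime` settings), so the window length decides whether such a slow source is ever caught. The sketch below parses Dovecot auth-failure lines and compares a short and a long window; the sample log, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the thread's log format (documentation IPs, made-up users and session ids).
SAMPLE_LOG = """\
Apr 23 21:52:48 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<info@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<s1>
Apr 23 23:17:44 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<admin@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<s2>
Apr 24 00:23:10 mail dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=<>, rip=192.0.2.55, lip=192.0.2.10, session=<s3>
Apr 24 00:43:24 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<sales@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<s4>
Apr 24 01:00:05 mail dovecot: imap-login: Aborted login (auth failed, 3 attempts in 9 secs): user=<info@example.com>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, session=<s5>
Apr 24 02:09:57 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<test@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<s6>
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r".*?\(auth failed, (?P<n>\d+) attempts in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

def parse_failures(log_text, year=2019):
    """Return (timestamp, rip, user, attempts) per auth-failure line; syslog has no year, so one is assumed."""
    out = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line.strip())
        if m:  # "no auth attempts" probes guess no password and are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["rip"], m["user"].lower(), int(m["n"])))
    return out

def flagged(failures, window, threshold):
    """Sorted source IPs with >= threshold failed attempts inside any window."""
    by_rip = defaultdict(list)
    for ts, rip, _user, n in sorted(failures):
        by_rip[rip].extend([ts] * n)  # one timestamp per counted attempt
    hits = set()
    for rip, times in by_rip.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 >= threshold:
                hits.add(rip)
                break
    return sorted(hits)

if __name__ == "__main__":
    for w in (timedelta(minutes=10), timedelta(hours=24)):
        print(w, flagged(parse_failures(SAMPLE_LOG), w, 3))
```

With the 10-minute window only the bursty source is flagged; the slow source appears once the window covers a day, which is the trade-off to weigh when choosing `findtime` for a Dovecot jail.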
     
