EXIM auth failed - no IP registered in incident?
Forum
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Jeppe
  2. 15.04.2017
  3.  Subscribe via email
We are missing IP's from some entries in the incident overview - please see the following screenshot: https://i.imgur.com/wt8InhP.png

Is this a bug?
It seems the system does not blacklist the IP's either.
Rate this post:
  1. 17.04.2017 10:04:06
  2. # 1
Rushan Shaymardanov Accepted Answer
Posts: 0
Joined: 30.10.2020
0
Votes
Undo
IP is not detected for this incident because there is no ip in corresponding dovecot message, so this is probably dovecot misconfiguration issue. Take a look at this thread https://www.dovecot.org/list/dovecot/2012-October/138454.html

> This was similar to another complaint several months ago. I conjectured
> that these attempts are SMTP AUTH, not IMAP, brute forcing. Are you
> using the dovecot's SASL feature to authenticate outgoing Email (i.e. via
> Postfix?). Maybe you verify this hypothesis by checking the Postfix logs.

Probably postfix tries to authenticate using dovecot SASL mechanism.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Rushan Shaymardanov
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.