dovecot.log

Post by pandabb » Sun Jan 17, 2016 4:14 pm

Hello, I checked my dovecot log and to my surprise there are too many random login attempts, like more than 150+ with different usernames. Is my system compromised or is this normal? Can fail2ban ban the IPs below automatically?

Thanks!
Jan 18 00:09:45 auth: Error: passwd-file(laura,193.189.117.155): stat(/etc/exim/domains//passwd) failed: No such file or directory
Jan 18 00:10:13 auth: Error: passwd-file(master,193.189.117.148): stat(/etc/exim/domains//passwd) failed: No such file or directory
Jan 18 00:13:47 auth: Error: passwd-file(melissa,193.189.117.148): stat(/etc/exim/domains//passwd) failed: No such file or directory
Jan 18 00:13:51 auth: Error: passwd-file(library,193.189.117.155): stat(/etc/exim/domains//passwd) failed: No such file or directory

Post by BBuchanan1013 » Mon Jan 18, 2016 10:20 pm

If you think your system is compromised, then make sure you have a backup, then just re-install everything. Though, if it were me, it actually looks like someone's attempting to make entry. Best bet is to add the IP to the firewall/fail2ban yourself and block its access. I'm no expert, but it just looks like random attempts to gain access to your mail server and execute/view the passwd file (the one that has all users and passwords listed in it for the system, not for Vesta specifically).
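To see which addresses in a log like the one above would cross a ban threshold, here is an added example (not part of either post, and not fail2ban or Vesta code) that tallies failed passwd-file lookups per source IP. The names `maxretry` and `findtime` are borrowed from fail2ban's jail settings for readability; the year default, the thresholds and the last two sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape quoted in the thread: Jan 18 00:10:13 auth: Error: passwd-file(master,193.189.117.148): stat(...)
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) auth: Error: "
    r"passwd-file\((?P<user>[^,()]*),(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)

def parse(line, year=2016):
    """Return (timestamp, user, ip) for a failed passwd-file lookup, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog-style timestamps carry no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Map each IP with >= maxretry failures inside one findtime window to the users it tried."""
    events = defaultdict(list)
    for ts, user, ip in filter(None, map(parse, lines)):
        events[ip].append((ts, user))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most findtime.
            while evs[end][0] - evs[start][0] > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                flagged[ip] = sorted({user for _, user in evs})
                break
    return flagged

# First four lines follow the thread's log; the last two are constructed for the example.
TAIL = "stat(/etc/exim/domains//passwd) failed: No such file or directory"
SAMPLE = [
    f"Jan 18 00:09:45 auth: Error: passwd-file(laura,193.189.117.155): {TAIL}",
    f"Jan 18 00:10:13 auth: Error: passwd-file(master,193.189.117.148): {TAIL}",
    f"Jan 18 00:13:47 auth: Error: passwd-file(melissa,193.189.117.148): {TAIL}",
    f"Jan 18 00:13:51 auth: Error: passwd-file(library,193.189.117.155): {TAIL}",
    f"Jan 18 00:14:30 auth: Error: passwd-file(test,192.0.2.10): {TAIL}",
    "Jan 18 00:15:02 imap-login: Info: Disconnected (no auth attempts)",
]

if __name__ == "__main__":
    print(offenders(SAMPLE, maxretry=2))
```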

Post by pandabb » Tue Jan 19, 2016 1:42 am

Thanks for the tip, sir.

Does this mean a bot is trying to log in via domainname.com/webmail?

Is there any way to change the alias /webmail or add some sort of .htaccess password to prevent bots from crawling it?

Post by pandabb » Tue Jan 19, 2016 5:45 am

Thanks for the help.

I decided just to remove my mail server since I really don't need it, plus it takes so much RAM if you put it all together, antivirus etc.