I've got very brazen pop3 attack how to protect the server?

Posted by Ken Tang on Server Fault See other posts from Server Fault or by Ken Tang
Published on 2012-11-11T14:53:13Z Indexed on 2012/11/11 17:03 UTC
Read the original article Hit count: 236

Filed under:

dovecot

|

pop3

|

mailserver

Today I have brazen attack to my pop3-dovecot server and mail log is full over (200MB) with this kind of information:

Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<shawn>, method=PLAIN, rip=200.233.152.111, lip=myip
Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<shop>, method=PLAIN, rip=200.233.152.111, lip=myip
Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<sitetest>, method=PLAIN, rip=200.233.152.111, lip=myip
Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<solar>, method=PLAIN, rip=200.233.152.111, lip=myip
Nov 11 09:28:15 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<services>, method=PLAIN, rip=200.233.152.111, lip=myip

I just blocked attacker's ip by iptables

-A INPUT -s 200.233.152.111 -j DROP

But it this can be continued anytime from other ips.

My question is: Is there any method to disallow anyone to connect my pop3 server (except only me?) because my ip is dynamic from ISP side so I don't know how to make pop3 server know that it is exactly me connecting to. Thank you in advance!

© Server Fault or respective owner

Related posts about dovecot

Thunderbird doesn't show folders on a new Dovecot install

as seen on Server Fault - Search for 'Server Fault'
Hey, I set up a new mailserver with postfix and Dovecot some days ago, everything is working except for Thunderbird not showing any folders. Evolution shows me all folders. I migrated from a Courier install using imapsync. In the filesystem the folders don't have a INBOX in their name, so the… >>> More
How to start dovecot?

as seen on Server Fault - Search for 'Server Fault'
I'm building a web server to host multiple websites. I got everything working except the mail server. I'm using linode to host my vps and I've been following their tutorials. FYI, I'm using Ubuntu 11.10. Here is the link I've been following, http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10… >>> More
Dovecot install: what does this error mean?

as seen on Server Fault - Search for 'Server Fault'
I have postfix and dovecot installed on CentOS 6 (linode) along with MySQL. The table and user is already set up, postfix installed fine, but dovecot gives me this error in the mail log: Warning: Killed with signal 15 (by pid=9415 uid=0 code=kill) The next few lines say this: Apr 7 16:13:35 dovecot:… >>> More
Couldn't drop privileges: User is missing UID (see mail_uid setting)

as seen on Server Fault - Search for 'Server Fault'
I'm hoping I can use some help. I'm configuring dovecot_ldap, but I can't seem to be able to get dovecot to authenticate the ldap user. Below is my config and log info: hosts = 192.168.128.45:3268 dn = cn=Administrator,cn=Users,dc=company,dc=example,dc=com dnpass = "passwd" auth_bind = yes ldap_version… >>> More
Dovecot throws obsolete warnings, even though dovecot.conf updated on Ubuntu 11

as seen on Server Fault - Search for 'Server Fault'
In trying to set up SASL for dovecot on Ubuntu 11, I keep getting obsolete warnings in my log: Sep 10 15:33:53 server1 dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:24: passdb {} has been replaced by passdb { driver= } Sep 10 15:33:53 server1 dovecot: config: Warning:… >>> More

Related posts about pop3

pop3 IIS 6 , allow remote connections

as seen on Server Fault - Search for 'Server Fault'
I'm using a EC2 windows 2003 instance. I managed to install pop3 and i can connect to it locally (using outlook express with the remote desktop) and the server address is the machine name. I also added MX record on the DNS (mail.mydomain.com) but still i can't connect to the pop3 server remotely using… >>> More
Reading a POP3 server with only TcpClient and StreamWriter/StreamReader[SOLVED]

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to read mails from my live.com account, via the POP3 protocol. I've found the the server is pop3.live.com and the port if 995. I'm not planning on using a pre-made library, I'm using NetworkStream and StreamReader/StreamWriter for the job. I need to figure this out. So, any of the answers… >>> More
pop3 mail box Send/Recieve log

as seen on Stack Overflow - Search for 'Stack Overflow'
hello every body i want to write a code for some application in order to connect to a pop3 mailbox and log the send and recieve transactions done on the mailbox even by other users, or even read the built in log file if there is?! and Then send some notifications in some way to An admin Account i… >>> More
POP3 netcat protocol error

as seen on Stack Overflow - Search for 'Stack Overflow'
I tried to connect to my POP3 school server as part of my assignment. Now, I can connect to the server but the real problem is when I try to log in using the "USER" command. c:/>nc server.pop3.com 110 +OK Microsoft Exchange Server 2003 POP3 server version 6.5.7638.1 (server.pop3.com) ready. USER… >>> More
Reading a POP3 server with only TcpClient and StreamWriter/StreamReader

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to read mails from my live.com account, via the POP3 protocol. I've found the the server is pop3.live.com and the port if 587. I'm not planning on using a pre-made library, I'm using NetworkStream and StreamReader/StreamWriter for the job. I need to figure this out. So, any of the answers… >>> More