![]() Looking in the ufw.log, I see that connection attempts from my home to the server at port 996 were rejected during this night. ![]() The dovecot process is listening on 0.0.0.0:996 and :::996. It looks like iptables is not properly working or could be circumvented. I rebooted before 12:00.įeb 18 12:37:28 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 12:37:31 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 12:37:58 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 12:38:00 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 13:11:12 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 13:11:14 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 13:11:33 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170įeb 18 13:11:36 srv01 auth: pam_unix(dovecot:auth): authentication failure logname= uid=0 euid=0 tty=dovecot ruser=xxx rhost=185.211.245.170 But I now have again connections from 185.211.245.170. Update 1: I rebooted and got an hour relief, but I get connection attempts again. Why is ufw not taking these deny rules into account ? I added the network deny rules with the following command: I have now connection attempts from another address from this network. ![]() ![]() I have postfix and ssh ports open, but he focus on dovecot. I changed the listening port of the dovecot server, but he finds the new port and keeps trying to login. It’s only when I specify an IP address that the rule has apparently an effect. I have added a ufw deny rule for a network since he keeps picking different addresses from the same small network, but these deny rules don’t seam to have any effect. Someone keeps trying to login in my dovecot server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |