ConfigServer Community Forum

Code: Select all

if (($config{LF_POP3D}) and ($lgfile eq $config{POP3D_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ [^\s\.]+ dovecot: pop3-login: (Aborted login|Disconnected) \(auth failed, \d+ attempts\): (user=(<\S*>)?, )?method=\S+, rip=(\d+\.\d+\.\d+\.\d+), lip=\S+\s*$/)) {
		return ("Failed POP3 login from",$4,"pop3d");
	}

Code: Select all

	if (($config{LF_POP3D}) and ($lgfile eq $config{POP3D_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ [^\s\.]+ dovecot\[\d+\]:\spop3-login: (Aborted login|Disconnected)\s\(auth failed, \d+ attempts\):\suser=(<\S*>),\smethod=\S+, rip=(\d+\.\d+\.\d+\.\d+)/)) {
		return ("Failed POP3 login from",$3,"pop3d");
	}

Code: Select all

Time:     Fri Jul 10 19:14:46 2009 -0400
IP:       78.152.106.252 (IT/Italy/-) (Note: This is a Permanent block)
Failures: 50 (pop3d)
Interval: 90 seconds
Blocked:  Yes

Log entries:

Jul 10 19:14:30 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:30 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:31 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:31 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:31 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:31 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:32 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<office>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:32 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<office>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:32 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<webadmin>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:33 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<webadmin>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:33 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<virus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:33 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<virus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:34 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<cyrus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:34 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<cyrus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:34 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<cyrus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:34 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<cyrus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:35 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<michael>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:35 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<michael>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:35 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<michael>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:36 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<michael>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:36 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<ftp>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:36 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<ftp>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:37 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<ftp>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:37 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:37 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:37 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<ftp>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:38 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<test1>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:38 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<test1>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:38 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<test2>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:39 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<test2>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:39 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:39 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<webmaster>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:39 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<webmaster>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:39 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:40 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postgres>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:40 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postgres>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:40 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postgres>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:40 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postgres>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:40 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:41 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<office>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:41 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:41 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<webadmin>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:41 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:41 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:42 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:42 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<cyrus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:42 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<virus>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:42 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:42 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x
Jul 10 19:14:43 hostname dovecot[4234]: pop3-login: Disconnected (auth failed, 1 attempts): user=<postfix>, method=PLAIN, rip=78.152.106.252, lip=x.x.x.x

Code: Select all

Jun 23 15:53:51 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<root>, method=PLAIN, rip=x.x.x.x, lip=y.y.y.y, session=<384oEyTDNADKgQtG>