Chris Adams wrote:

> Basically, if you plug a server into the Internet, it _will_ be
> attacked. POP, IMAP, SMTP, SSH, FTP, and more will be probed, looking
> for valid usernames/passwords (so always enforce password security on
> your users).

Google "imap attacks" and see how far back into the remote past the
reports go.
>
> I know denyhosts (in EPEL) can watch the SSH log and add bad IPs to
> /etc/hosts.deny, but I don't know if it can parse dovecot log entries as
> well.

I had the same thought. You could force your users to tunnel imap through
ssh, but this could be a major educational/support headache. A simpler,
security-by-obscurity approach would be to run imapd on a different port
than the default. Users would only have to change one little thing in
their config.

--
Tim Evans, TKEvans.com, Inc.   |  5 Chestnut Court
UNIX System Admin Consulting   |  Owings Mills, MD 21117
http://www.tkevans.com/      |  443-394-3864
http://www.come-here.com/News/ |  tkevans@(protected)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list