Email Server Attack

Type: Brute Force
Protocol: POP3
OS: Linux 3.6.11+ armv6l
Platform: Pi Rev. B
Memory: 512M
Daemon: Dovecot 2.1.7-7
Backend Daemon: MySQL 5.5
Backend OS: Linux 2.6.32-5-amd64
Backend Platform: Generic AMD A4-3400 APU Dual Core
Backend Memory: 3.5G
Total Attempts: 13356
Avg. Attempt/s: 2.71

Postmortem: the attacker was *unable* to successfully authenticate as any valid user.
Attack was mitigated at the firewall (DROP).
abuse@integratelecom.com was contacted about this event.
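
The attempt total and per-second rate in the summary above can be derived per source address from the daemon's login log. This is an added example, not part of the original post: it assumes Dovecot's usual pop3-login syslog line format, runs on constructed log lines with documentation-range addresses, and the names summarize and offenders, the default year and the threshold of 5 are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the style of Dovecot pop3-login syslog output
# (assumed format; addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Mar  3 04:10:00 pi dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Mar  3 04:10:01 pi dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 2 secs): user=<test>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Mar  3 04:10:02 pi dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, mpid=812
Mar  3 04:10:04 pi dovecot: pop3-login: Aborted login (auth failed, 2 attempts): user=<root>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Mar  3 04:10:05 pi dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: "
    r"(?:Disconnected|Aborted login) \(auth failed, (?P<n>\d+) attempts"
    r"(?: in \d+ secs)?\):.*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def summarize(log_text, year=2000):
    """Return {rip: (attempts, attempts_per_second)} for failed POP3 logins."""
    attempts = defaultdict(int)
    seen = {}  # rip -> (first timestamp, last timestamp)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year; the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rip = m["rip"]
        attempts[rip] += int(m["n"])
        first, _ = seen.get(rip, (ts, ts))
        seen[rip] = (first, ts)
    out = {}
    for rip, total in attempts.items():
        span = (seen[rip][1] - seen[rip][0]).total_seconds()
        # a source seen on one line only has no measurable span; report the count
        out[rip] = (total, round(total / span, 2) if span else float(total))
    return out

def offenders(summary, threshold=5):
    """Source addresses whose failed-attempt total meets the threshold."""
    return sorted(rip for rip, (total, _) in summary.items() if total >= threshold)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for rip in offenders(report):
        print(rip, *report[rip])
```

Addresses returned by offenders are the candidates for the firewall DROP rule mentioned in the postmortem.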

Building a MySQL Capable Postfix RPM

Build Environment:
CentOS 5 x86_64
Postfix 2.3.3 Sources
gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)

2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

# Get the src
1) wget http://mirror.centos.org/centos/5.3/centosplus/SRPMS/postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm

# Install the src RPM
2) rpm -i postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm

# Install some dependencies I didn’t have
3.1) yum install pcre-devel
3.2) yum install rpm-build
3.3) yum install mysql-devel.x86_64 openldap-devel.x86_64 db4-devel.x86_64
3.4) yum install gcc.x86_64

# Edit SPECS; remove postgres support
4.1) cd /usr/src/redhat/SPECS
4.2) vi postfix.spec and change “%define PGSQL 1” to “%define PGSQL 0”
# I didn’t want Postgres support
4.3) “%define MYSQL 1” was already defined for me