MisterWebNet

<<< Coding for the future >>>

Home Coding Server Emails Suspicious process running under user dovecot
Emails Suspicious process running under user dovecot  E-mail
Monday, 30 January 2012 23:17

CSF - Config Server and Firewall monitors the system for login/intrusions and notifies the root account of suspicious activity. In this case, our inbox was full of emails in the form;

Suspicious process running under user dovecot:

Executable:
/usr/libexec/dovecot/imap-login

Command Line (often faked in exploits):

imap-login

The emails might also be of the form;

Executable:

/usr/libexec/dovecot/pop3-login

If you no longer wish to receive these emails, you need to edit the file csf.pignore. This file lists the processes you wish to ignore.

Solution? Insert these lines into your csf.pignore file;

exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login

 
Last Updated on Monday, 30 January 2012 23:27
 

Add comment

We reserve the right to remove comments without notice. Users are responsible for their own comments and the contents contained within.


Security code
Refresh

ThugVillage.com
Mens Entertainment Magazine with girls, gadgets, indepth analysis, videos and much more
Best Flash Games
The best flash games on the net - 100% free!
HiredMedia
Off beat, deep-web, alternative videos