Dovecot High Load (brute force?)

Jun 10, 2016
5
0
1
Chile
cPanel Access Level
Root Administrator
- Removed Please Attach Images to Your Posts -

I dont not how to deal with this.
Thousand of process:
/usr/local/cpanel/bin/dovecot-wrap /usr/libexec/dovecot/checkpassword-reply

the only way to stop the server down was this command:
pkill -f checkpassword-reply

what can i do?
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
Most probably a brute force against dovecot

CSF might help mitigate some of these attacks

The following thread might be of some use:

Brute force against dovecot
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello

Did you notice login attempts in the /var/log/maillog file when this was happening? That's a quick way of determining if it's a brute force attack causing the issue.

Thank you.