I’m using a self-hosted wordpress blog. I’m using Gmail to access my domain email accounts.
I want to know, is built-in email services such as exim, etc are necessary if we are using Gmail to manage emails? I have only 2 accounts on server: root and my personal account.
I have set “Mailserver selection” to Disabled in WHM settings.
My problem is that I regularly get following alerts from LFD:
Time: Sat Jan 5 08:53:07 2013 IP: x.x.x.x Failures: 2 (pop3d) Interval: 300 seconds Blocked: Permanent Block Log entries: Jan 5 08:53:00 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x Jan 5 08:53:03 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x
I generally get 1 or 2 emails daily. I have set the pop3 login failure attempts to 2 before permanent block in firewall settings. But I want to know, is there any way to permanently stop these attacks?
Can I disable exim or any other thing which can stop these attackers?
Answer
Those attacks are against Dovecot, not Exim so disabling Exim won’t help.
If you are not using the server receiving mail and hosting mail boxes then you can disable Dovecot.
If you will be sending email from the server, for example WordPress sending out emails to subscribers then you will need to keep Exim running so that server can send out the email.
Update
Looking at the WHM manual (not used cPanel/WHM in a long time as I use DirectAdmin these days) it looks like you need to go in to the Service Manager and disable imap and pop services.
If you are unable to stop the services as a “quick fix” you could block the following TCP ports in CSF
993
995
110
143
This will block imap and pop3 connections on the standard ports and the over SSL/TLS ports
Attribution
Source : Link , Question Author : Another Blogger , Answer Author : Epaphus