Too many brute force attacks from ip


Verified User
Nov 16, 2010
I'm getting too many brute force attack notifications for ip since this is server ip it's probably something internal. Attacks are all on same domain, but on different user names. In brute force monitor this is one line of log

ID IP User Attempts Filter Log Entry
13206481810011 1 dovecot1 Nov 7 07:42:39 hosting dovecot[2711]: imap-login: Disconnected (auth failed, 1 attempts): user=<>, method=PLAIN, rip=, lip=, secured

attacks are always on dovecot and attempts are always just 1
is this maybe from some hacked file on server, where should i start to look for solution.