Banned 1300+ IPs so far. WTF is up with the brute for attack on user "c
From email@example.com@21:1/5 to All on Fri May 17 06:31:50 2019
My server had never had a user named chamrone. It's doesn't look significant and it's not an admin account I'm aware of, but someone/something has been trying to brute force the password for over a month now by attempting an IMAP login.
They try 1 password from 1 IP address, then never use that IP again, or use it maybe once more. I ban each IP after the first try, however I'm just really confused by this.
The IPs are from all over the world, although few/none from the US, where I'm located.
Someone with a large botnet is spending time trying to guess the password for a nonexistent user.
Does anybody have any ideas what the purpose for this is?
It's not a security risk (AFAIK) because there is no user, but it's so persistent that I'm starting to think that something is going on that I'm just not aware of.