I had a user telling me that they can't login to the Postfix email server via Webmail (RoundCube) and I decided to see if I could locate this issue in the logs and understand if the user was simply using a wrong password credential and or something more serious. More than likely the person is just using a wrong password but in search of this on my logs, I don't understand why Dovecot doesn't log failed login attempts. When I attempted to login with a wrong password, I show the following in my logs: [root at mail log]# cat /var/log/maillog | grep 'Jan 5' | grep -i 'dovecot' | grep -i 'carlos' Jan 5 11:00:13 mail dovecot: imap-login: Disconnected: user=<carlos>, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10 Is there a log level or something I am not searching for that will allow me to see failed or invalid logins for Dovecot (IMAP)? Thanks!
On 11:59 AM, Carlos Williams wrote:> > Is there a log level or something I am not searching for that will > allow me to see failed or invalid logins for Dovecot (IMAP)?What auth method are you using? For example, if you are using pam, the failures are probably in /var/log/secure. -- Mark Sapiro <mark at msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Tue, 5 Jan 2010 11:09:07 -0500, Carlos Williams <carloswill at gmail.com> wrote:> I had a user telling me that they can't login to the Postfix email > server via Webmail (RoundCube) and I decided to see if I could locate > this issue in the logs and understand if the user was simply using a > wrong password credential and or something more serious. More than > likely the person is just using a wrong password but in search of this > on my logs, I don't understand why Dovecot doesn't log failed login > attempts. > > Is there a log level or something I am not searching for that will > allow me to see failed or invalid logins for Dovecot (IMAP)?# In case of password mismatches, log the passwords and used scheme so the # problem can be debugged. Enabling this also enables auth_debug. #auth_debug_passwords = no auth_debug_passwords = yes