For a couple months or so I have noticed that failed dovecot logins do not print the offending IP address in /var/log/secure which prevents fail2ban from blocking appropriate ports. All had worked well for several years. Box is 5.7 fully updated. I found this bug against cyrus-sasl which sounds like it might be related: https://bugzilla.redhat.com/show_bug.cgi?id=683797 On the box in question,> rpm -q cyrus-saslcyrus-sasl-2.1.22-5.el5_4.3 Is anyone else seeing this? Thanks in advance. B.J. --