babajaga
2011-Jul-08 09:54 UTC
[Dovecot] dovecot-auth: gkr-pam: error looking up user information for: IP ?
I am receiving a lot of error messages dovecot-auth: gkr-pam: error looking up user information for: <user> Unfortunately, I do not see the IP of the remote client, trying to break in. Is there any possibility to get it ? Would be useful to block the IP. -- View this message in context: http://old.nabble.com/dovecot-auth%3A-gkr-pam%3A-error-looking-up-user-information-for%3A-IP---tp32020246p32020246.html Sent from the Dovecot mailing list archive at Nabble.com.
Duane Hill
2011-Jul-08 14:11 UTC
[Dovecot] dovecot-auth: gkr-pam: error looking up user information for: IP ?
Friday, July 8, 2011, 4:54:19 AM, babajaga wrote:> I am receiving a lot of error messages > dovecot-auth: gkr-pam: error looking up user information for: <user>> Unfortunately, I do not see the IP of the remote client, trying to break in. > Is there any possibility to get it ? Would be useful to block the IP.You didn't state the version of Dovecot you were running. Here I have Dovecot 2.0.12. I have set in the config: auth_verbose = yes auth_verbose_passwords = sha1 It logs the sha1 hash of the password attempt. I also have a cron set up to email me the password attempts from the previous day: # Check for email accounts that have login attempts with # incorrect passwords from the previous day. 0 3 * * * /usr/bin/bzegrep -i 'password.mismatch' /var/log/maillog.0.bz2 From the commented config file 10-logging.conf: # Log unsuccessful authentication attempts and the reasons why they failed. #auth_verbose = no # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no -- Best regards, Duane mailto:duane at duanemail.org