Hi,
I have a setup with Dovecot handling a few virtual domains delivering
mails to both local Unix account mailboxes and separate mailboxes for
virtual users defined in a MySQL database. A quick overview of the
configuration shows two passdb definitions:

auth default {
  mechanisms = plain login
  passdb pam {
    args = dovecot
  }
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb passwd {
    args = mail=maildir:~/Maildir blocking=yes
  }
  userdb static {
    args = uid=vmail gid=mail home=/var/spool/vmail/%d/%n allow_all_users=yes
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = mail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  !include_try /etc/dovecot/auth.d/*.auth
}

When a virtual user defined in the MySQL database tries to log in using
IMAP or SMTP I always get auth failures logged in the system logs.
Entries are like this:
Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot
ruser=luser at mydomain.com rhost=85.224.xx.xx
I assume these failures come from the fact that PAM doesn't recognize
the virtual users and Dovecot continues to the SQL passdb entry. As a
result I get a _lot_ of auth failures in the logs.
I have tried to come up with a way where the auth failures from PAM
aren't logged if the SQL authentication is successful. Is this
possible or are there any other recommended ways to handle this?
/PH
--
Per-Henrik Lundblom email: ph at whatever.nu
phone: +46 733 207126 webpage: www.whatever.nu
Hi,
Also attached a dovecot -n dump:
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35-23-generic-pae i686 Ubuntu 10.04.4 LTS ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
first_valid_uid: 117
mail_privileged_group: mail
mail_location: maildir:/var/spool/vmail/%d/%n/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
lda:
  postmaster_address: postmaster at mydomain.com
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/spool/vmail/dovecot-deliver.log
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
    args: dovecot
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
    args: mail=maildir:~/Maildir blocking=yes
  userdb:
    driver: static
    args: uid=vmail gid=mail home=/var/spool/vmail/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: mail
/PH
--
Per-Henrik Lundblom email: ph at whatever.nu
phone: 0733-20 71 26 webpage: www.whatever.nu
Hi,

> When a virtual user defined in the MySQL database tries to log in using
> IMAP or SMTP I always get auth failures logged in the system logs.
> Entries are like this:
>
> Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth):
> authentication failure; logname= uid=0 euid=0 tty=dovecot
> ruser=luser at mydomain.com rhost=85.224.xx.xx
>
> I assume these failures come from the fact that PAM doesn't recognize
> the virtual users and Dovecot continues to the SQL passdb entry. As a
> result I get a _lot_ of auth failures in the logs.
>
> I have tried to come up with a way where the auth failures from PAM
> aren't logged if the SQL authentication is successful. Is this
> possible or are there any other recommended ways to handle this?

How do other users solve this issue? The simple way is to just ignore
all the logged auth failures but that seems too easy.

/PH
--
Per-Henrik Lundblom email: ph at whatever.nu
cell: +46 733-20 71 26 webpage: www.whatever.nu
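
An added example, not part of the original thread: one way to triage the pam_unix entries instead of ignoring them all, by separating failures for address-style logins (names the PAM passdb cannot know) from failures against local accounts. It assumes local Unix users log in without a domain part; the sample lines, the hosts and the user alice are constructed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry quoted in the thread.
# Real syslog writes each entry on one line with "@"; the list archive
# rewrote it as " at ". Hosts and the local user "alice" are made up.
SAMPLE_LOG = """\
Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=luser@mydomain.com rhost=192.0.2.10
Aug 21 06:25:41 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=luser at mydomain.com rhost=192.0.2.10
Aug 21 06:26:02 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=alice rhost=198.51.100.7 user=alice
Aug 21 06:26:09 roadrunner sshd[412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=alice
"""

# key=value pairs; a value may be empty ("logname=") or, in archived
# copies, an address written as "luser at mydomain.com".
FIELD = re.compile(r"(\w+)=(\S+ at \S+|\S*)")
PAM_FAIL = re.compile(
    r"pam_unix\((?P<service>[^:)]+):auth\): authentication failure; (?P<rest>.*)")


def classify(line, service="dovecot"):
    """Return (kind, ruser, rhost) for a pam_unix failure of `service`, else None."""
    m = PAM_FAIL.search(line)
    if not m or m.group("service") != service:
        return None
    fields = dict(FIELD.findall(m.group("rest")))
    ruser = fields.get("ruser", "").replace(" at ", "@")
    # Assumption: a domain part means a virtual user that PAM cannot know,
    # so the failure is the expected fall-through to the next passdb.
    kind = "virtual-fallthrough" if "@" in ruser else "local-failure"
    return kind, ruser, fields.get("rhost", "")


def triage(log_text):
    """Count failures per (kind, rhost) so local-account failures stand out."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[(hit[0], hit[2])] += 1
    return counts


if __name__ == "__main__":
    for (kind, rhost), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n:3d}  {kind:20s} {rhost}")
```

A fall-through entry only records that PAM rejected the name; it does not show whether the SQL passdb accepted the login afterwards, so a high count from one rhost still deserves a look.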