as far as i understand postfix has no way to know the username of such failed logins like below, IMHO dovecot internally does because it verifies against the sql-userdatabase is there a way that dovecot logs the username? after ask the users to change their passwords for safety caused by Heartbleed it was easy to write a tool find forgotten devices in case of IMAP/POP3 but especially Apple clients force to enter the new password seperated for incoming and outgoing server and don't tell the user if things don't work so there is really a need support them and fuzzy logic based on the last successful IMAP/POP3 login from a IP and failed send attempts from the same IP shortly after receive mail leaves a bad taste of only a guess May 18 11:19:09 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 18 11:19:15 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20140518/70ca6cc0/attachment.sig>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 18 May 2014, Reindl Harald wrote:> is there a way that dovecot logs the username?Did you've tried: # Log unsuccessful authentication attempts and the reasons why they failed. #auth_verbose = no maybe auth_debug? I would suppose that this setting applies to all auth attempts. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3muOXz1H7kL/d9rAQJzTAf/R7FWiGcO98/u8SlVZhb+82pMLggs/+tx C7ZSPM7u8b1JA3pmSf4YC750ufxnWjlrgVHwtnEuBfgE6kLd18zvyV97Edy4oF8Z n5oRX9e9bAJnY/Q8Y85tIdDJ5RYBAYwM/qybGhUwg+BEI6hOdGbAtV3u7BpV6t1/ H4qouUWvONaKuZX8dWJy0Xd7zTHbXzyOjmzr3dqQsHZE+27hJ+OmBemToxhB+6Wz ZEFDDXEQmsG9md/wusBCXkeqZBiplgYBb531WjtMY+PInrrVta8nylFGahkE99r3 u3YvfkUxmLflb29xbKQdQkIfGHgbJQcB8PXx9+/XYM6RHN92kjWKoQ==8XnD -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 18 May 2014, Reindl Harald wrote:> is there a way that dovecot logs the username?Did you've tried: # Log unsuccessful authentication attempts and the reasons why they failed. #auth_verbose = no maybe auth_debug? I would suppose that this setting applies to all auth attempts. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU3muOXz1H7kL/d9rAQJzTAf/R7FWiGcO98/u8SlVZhb+82pMLggs/+tx C7ZSPM7u8b1JA3pmSf4YC750ufxnWjlrgVHwtnEuBfgE6kLd18zvyV97Edy4oF8Z n5oRX9e9bAJnY/Q8Y85tIdDJ5RYBAYwM/qybGhUwg+BEI6hOdGbAtV3u7BpV6t1/ H4qouUWvONaKuZX8dWJy0Xd7zTHbXzyOjmzr3dqQsHZE+27hJ+OmBemToxhB+6Wz ZEFDDXEQmsG9md/wusBCXkeqZBiplgYBb531WjtMY+PInrrVta8nylFGahkE99r3 u3YvfkUxmLflb29xbKQdQkIfGHgbJQcB8PXx9+/XYM6RHN92kjWKoQ==8XnD -----END PGP SIGNATURE-----
Am 19.05.2014 09:09, schrieb Steffen Kaiser:> On Sun, 18 May 2014, Reindl Harald wrote: >> is there a way that dovecot logs the username? > > Did you've tried: > > # Log unsuccessful authentication attempts and the reasons why they failed. > #auth_verbose = no > > maybe auth_debug? > > I would suppose that this setting applies to all auth attemptsi talk about standard logging in a production environment not for a short period of debugging but always and forever, the current postfix "login failed" log is unhelpful if it logs failed POP3/IMAP logins without debug mode why not SASL auth? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 246 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20140519/e6afb3b6/attachment.sig>