We alse have same problem, now we are running Dovecot 2.2.30.2 and also use
Dovecot SASL for SMTP authentication (postfix 2.11).
We need to save all failed login attempts to database as source IP address,
username and date and time but post-login script can do this but only after
successful login. Failed login attempts information may be useful in the
fight with bruteforce attacks.
It's possible to execude some script after failed login ("Password
mismatch") ?
Regards,
Jacek
> On June 12, 2017 at 3:39 PM "j.emerlik" <j.emerlik at gmail.com> wrote: > > > We alse have same problem, now we are running Dovecot 2.2.30.2 and also use > Dovecot SASL for SMTP authentication (postfix 2.11). > We need to save all failed login attempts to database as source IP address, > username and date and time but post-login script can do this but only after > successful login. Failed login attempts information may be useful in the > fight with bruteforce attacks. > It's possible to execude some script after failed login ("Password > mismatch") ? > > Regards, > JacekYou can try to do this using our auth policy API. See https://wiki2.dovecot.org/Authentication/Policy It will report both successful and unsuccessful authentication with fields you specify. Aki
>> On June 12, 2017 at 3:39 PM "j.emerlik" <j.emerlik at gmail.com> wrote:>> We alse have same problem, now we are running Dovecot 2.2.30.2 and also use >> Dovecot SASL for SMTP authentication (postfix 2.11). >> We need to save all failed login attempts to database as source IP address, >> username and date and time but post-login script can do this but only after >> successful login. Failed login attempts information may be useful in the >> fight with bruteforce attacks. >> It's possible to execude some script after failed login ("Password >> mismatch") ?>> Regards, >> JacekAT> You can try to do this using our auth policy API. See AT> https://wiki2.dovecot.org/Authentication/Policy If you do get this working [logging failed auth's] I'd personally be very interested in your script so we could reproduce it in our environment too. If you'd be willing to share, I'd be grateful. [I'm pretty sure others would be too.] -Greg
Em 12/06/17 09:39, j.emerlik escreveu:> Failed login attempts information may be useful in the > fight with bruteforce attacks. >fail2ban is your friend, it can analyze the logs, no need for saving that on database. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, N?O mandem email gertrudes at solutti.com.br My SPAMTRAP, do not email it
I need to save that to database because I have more then one mail server and them must share each other failed login attempts information. I'll try check how Dovecot Authentication Policy works. --JAcek 2017-06-12 16:50 GMT+02:00 Leonardo Rodrigues <leolistas at solutti.com.br>:> Em 12/06/17 09:39, j.emerlik escreveu: > >> Failed login attempts information may be useful in the >> fight with bruteforce attacks. >> >> > fail2ban is your friend, it can analyze the logs, no need for saving > that on database. > > > -- > > > Atenciosamente / Sincerily, > Leonardo Rodrigues > Solutti Tecnologia > http://www.solutti.com.br > > Minha armadilha de SPAM, N?O mandem email > gertrudes at solutti.com.br > My SPAMTRAP, do not email it >