> Jun 27 12:03:27 bubba dovecot: auth:
> ldap(SomeUser at MyDomain.com,127.0.0.1): invalid credentials
>
> The only other thing I can think of - Postfix runs on this server and
> uses Dovecot SASL. Is it possible the Dovecot auth log line is caused
> by a Postfix connection attempt?
That would have been my first guess. Why don't you actually try it
out (i.e. login in to SMTP with bad credentials) and see if the
mysterious log entry appears.
# Create bogus SMTP auth string
AUTH=`echo "\0user\0badpassword\c" | openssl enc -base64`
# SMTP session commands
echo "EHLO test.client.helo\nAUTH PLAIN $PW\nQUIT" >data
# Use whichever command your Postfix supports "250-AUTH PLAIN"
# - if you greet pause, you'll have to enter data manually
netcat -C mailserver 25 <data
openssl s_client -crlf -quiet -starttls smtp -connect mailserver:25 <data
openssl s_client -crlf -quiet -starttls smtp -connect mailserver:587 <data
openssl s_client -crlf -quiet -connect mailserver:465 <data
Joseph Tam <jtam.home at gmail.com>