Michael Ruiz
2021-Feb-03 18:08 UTC
Logfile flooding with lookup failure for root user using pam
Hi all,

I am getting the error where root is constantly being looked up over imap I am guessing. I am pretty sure services like fail2ban and logwatch are set up to send from another user instead of root @ localhost so I think this may be an imap issue. I tried adding root to /etc/dovecot/deny-users, but this error still persists. I know imap as root is a big security issue and is disabled, but I cannot pinpoint how or why this is happening so often. I am using PAM and passwd for authentication and authorization.

How can I prevent root user from being looked up in the first place?

Regards,
Michael

dovecot[606167]: lmtp(606199): Error: lmtp-server: conn unix:pid=606196,uid=73 [2]: rcpt root@<domain>: Failed to lookup user root@<domain>: Invalid settings in userdb: userdb returned 0 as uid

Replaced my domain name with <domain> in this example.
Koga Hayashi
2021-Feb-16 10:00 UTC
Logfile flooding with lookup failure for root user using pam
Michael,

Your Dovecot's LMTP is just looking up root because mails are sent to root. If you don't want root to be looked up, then you just have to prevent mail being sent to root, I guess.

Are the mails sent to postmaster addressed to root in the alias file? Should check the alias on the postfix side.

-----Original Message-----
From: dovecot <dovecot-bounces at dovecot.org> On Behalf Of Michael Ruiz
Sent: Thursday, February 4, 2021 3:09 AM
To: dovecot at dovecot.org
Subject: Logfile flooding with lookup failure for root user using pam

Hi all,

I am getting the error where root is constantly being looked up over imap I am guessing. I am pretty sure services like fail2ban and logwatch are set up to send from another user instead of root @ localhost so I think this may be an imap issue. I tried adding root to /etc/dovecot/deny-users, but this error still persists. I know imap as root is a big security issue and is disabled, but I cannot pinpoint how or why this is happening so often. I am using PAM and passwd for authentication and authorization.

How can I prevent root user from being looked up in the first place?

Regards,
Michael

dovecot[606167]: lmtp(606199): Error: lmtp-server: conn unix:pid=606196,uid=73 [2]: rcpt root@<domain>: Failed to lookup user root@<domain>: Invalid settings in userdb: userdb returned 0 as uid

Replaced my domain name with <domain> in this example.
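
The alias check suggested in the reply above, as an added example that is not part of the original thread: it counts the LMTP lookup failures per recipient and walks an aliases(5)-style table to list every local name whose mail still ends up at root. Assumptions: only bare local alias names are followed, the alias entries are constructed sample data, and `michael` is a hypothetical unprivileged account.

```python
import re

# Pattern for the LMTP failure format shown in the log line quoted in this thread.
LOOKUP_FAIL = re.compile(
    r"lmtp\(\d+\): Error: .*?rcpt (?P<rcpt>\S+): Failed to lookup user \S+: (?P<reason>.+)$")

def failed_recipients(log_lines):
    """Count LMTP userdb lookup failures per recipient address."""
    counts = {}
    for line in log_lines:
        m = LOOKUP_FAIL.search(line)
        if m:
            counts[m["rcpt"]] = counts.get(m["rcpt"], 0) + 1
    return counts

def parse_aliases(text):
    """Parse aliases(5)-style text into {name: [targets]}, lowercased for comparison."""
    aliases, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                        # blank line or comment
        if raw[0].isspace() and current is not None:
            rhs = raw                       # continuation of the previous entry
        else:
            name, _, rhs = raw.partition(":")
            current = name.strip().lower()
            aliases[current] = []
        aliases[current] += [t.strip().lower() for t in rhs.split(",") if t.strip()]
    return aliases

def delivers_to_root(aliases):
    """Names whose expansion ends at 'root' itself (root has no alias to a real mailbox)."""
    def reaches_root(name, seen):
        if name in seen:                    # alias loop: stop following it
            return False
        if name not in aliases:
            return name == "root"
        return any(reaches_root(t, seen | {name}) for t in aliases[name])
    return sorted(n for n in set(aliases) | {"root"} if reaches_root(n, frozenset()))

# The log line is the one from the thread; the alias tables are constructed samples.
SAMPLE_LOG = ["dovecot[606167]: lmtp(606199): Error: lmtp-server: conn unix:pid=606196,uid=73 [2]: "
              "rcpt root@<domain>: Failed to lookup user root@<domain>: "
              "Invalid settings in userdb: userdb returned 0 as uid"]
ALIASES_BEFORE = "# constructed\npostmaster: root\nlogwatch: root\nabuse: postmaster\n"
ALIASES_AFTER = ALIASES_BEFORE + "root: michael\n"   # 'michael' is a hypothetical user

if __name__ == "__main__":
    print(failed_recipients(SAMPLE_LOG))
    print(delivers_to_root(parse_aliases(ALIASES_BEFORE)))
    print(delivers_to_root(parse_aliases(ALIASES_AFTER)))
```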