search for: auth_verbose

Hi at all, using deny passwd to restrict IMAP/POP3 access (https://wiki.dovecot.org/Authentication/RestrictAccess), I get deny passdb match messages: Feb 13 16:09:33 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): User found from deny passdb only with auth_verbose=yes, sets global or defined in passdb block. But if I set auth_verbose=yes, for every user not present in passwd-file, Dovecot logs: Feb 13 16:09:57 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): unknown user I know that if the account does not exist in th...

...eed pam if if I'm using /etc/dovecot/users ?? Or am I understanding you wrong? > > you have passdb block using pam. it is involved in the lookup process.? > > --- > Aki Tuomi > doveconf -n passdb userdb passdb { ? args = scheme=ARGON2ID username_format=%u /etc/dovecot/users ? auth_verbose = yes ? driver = passwd-file } userdb { ? args = scheme=ARGON2ID username_format=%u /etc/dovecot/users ? auth_verbose = yes ? driver = passwd-file }

...upporting settings or configs I need? My current/working dovecot settings, which have been running perfectly for well over a year now, are: $ dovecot -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2015-08-14/57aa6ed6ae98b4c7.crt ssl_key = </etc/ssl/certs/OHPR...

...repeatedly received a login failure. Unfortunately, this is typical of what I saw in the log file: Aug 8 03:53:50 lex dovecot: Dovecot starting up Aug 8 03:53:52 lex dovecot-auth: MySQL: connected to localhost Aug 8 03:55:13 lex imap-login: Disconnected: Inactivity [192.168.0.200] I enabled auth_verbose: auth_verbose = yes and checked my syslog.conf to make sure all priorities were being logged: mail.* /var/log/syslog/mail.log but still no additional verbosity. How should things look different when auth_verbose is enabled? Checking MySQL's log I could see that Dov...

...ch have been running perfectly for well over a year > > now, are: > > > > $ dovecot -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = </etc/ssl/ce...

Hello, tl;dr: Is there a way to get dovecot's auth to log failed smtp authentications without having to switch on "auth_verbose"? postfix version 2.11.0 and dovecot version 2.2.12 I'm currently migrating my postfix+courier to postfix+dovecot and so far it's working as expected. Except for logging smtp login failures. Despite Postfix logging successful authentications (see sample below), it doesn't log fai...

...ch have been running perfectly for well over a year > > now, are: > > > > $ dovecot -n > > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > > auth_debug_passwords = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > disable_plaintext_auth = no > > info_log_path = /var/log/dovecot_info > > mail_location = maildir:~/Maildir > > passdb { > > driver = shadow > > } > > protocols = imap > > ssl_cert = </etc/ssl/ce...

.... If anyone has actually done this I'd appreciate some tips. My various attempts have not been successful. Here is my current config: $ doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/m...

....conf.ext pass_attrs = uid=user,userPassword=password,host=host,homeDirectory=userdb_home,uidNu mber=userdb_uid,gidNumber=userdb_gid user_attrs = uid=%{ldap:uidNumber},gid=%{ldap:gidNumber},home=%{ldap:homeDirectory} [2] pass / user db's passdb { args = /etc/dovecot/dovecot-ldap.conf.ext auth_verbose = default default_fields = deny = no driver = ldap master = no mechanisms = name = override_fields = pass = no result_failure = continue result_internalfail = continue result_success = return-ok skip = never username_filter = } userdb { args = /etc/dovecot/special-userdb...

...sion=<fp5P5SBkhtMKAQE7> My configuration: # 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.2-RELEASE-p20 amd64? ufs auth_debug = yes auth_mechanisms = plain login external auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes auth_username_format = %Ln auth_verbose = yes disable_plaintext_auth = no lda_mailbox_autocreate = yes mail_debug = yes mail_gid = 999 mail_location = maildir:/mnt/mail/%n mail_uid = 999 namespace inbox { ? inbox = yes ? location = ? mailbox Drafts { ? ? special_use = \Drafts ? } ? mailbox Junk { ? ? special_use = \Junk ? } ? mailbox Sen...

as far as i understand postfix has no way to know the username of such failed logins like below, IMHO dovecot internally does because it verifies against the sql-userdatabase is there a way that dovecot logs the username? after ask the users to change their passwords for safety caused by Heartbleed it was easy to write a tool find forgotten devices in case of IMAP/POP3 but especially Apple

On 5/29/2015 9:25 AM, Dominik Breu <dominik at dominikbreu.de> wrote: > Hello Charles, > > the bare minimum ist just the first passdb entry > auth_master_user_separator = * > passdb { > driver = passwd-file > args = /etc/dovecot/passwd.masterusers > master = yes > pass = yes > } > > this will do the trick. Ok, this isn't working, I'm

.... Should I remove "passdb { drive = shadow } from the dovecot > configuration? > > Anybody? > > $ doveconf -n > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 3.10.17 x86_64 Slackware 14.1 > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > protocol...

I have been using UW's IMAP server and I am converting to Dovecot for Maildir support. When a user fails authentication, or a user does not exist, it appears that the same message is used for these events. Is there a way to indicate that the user does not exist (Invalid user), and authentication Failure (Failed Password)? Clearly these two failures indicate a different error in the system.

...??????????????????????????????????????????????????????????????????????????????????? mail server ip expire time # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1 auth_cache_size = 32 M auth_cache_ttl = 2 hours auth_debug = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ director_mail_servers = x.x.x.x director_servers = y.y.y.y disable_plaintext_auth = no mail_debug = yes passdb { ? args = nopassword=y proxy=y ? driver = static } service director { ? fifo_listener login/proxy-notify { ??? mode = 0666 ??? user = $default_login_use...

...my "args" file on the passdb ldap stanza: base = dc=example,dc=com auth_bind = yes pass_filter = (&(objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=%u)(BCMailDovecotProxyHost=*)) pass_attrs = uid=user,proxy,BCMailDovecotProxyHost=host I've turned on auth_verbose, debug, etc and still can't figure out why it wont proxy. Ive tried adding user_attrs (the same as the pass attrs). I've even just put nologin in the pass_attrs but the user is still able to login, its like that field is not being processed. Harrison Metzger

...:95400500:95400513:Administrator:/home/DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G >> >> Authentication and quota - now OK. But doesn't work sending and receiving mail... >> postfix say 'Unknown user'... >> >> >> Turn on auth_debug and auth_verbose and see what it says. >> >> Aki Also you can set auth_username_format = %Ln to force usernames into lowercase without domain. Aki

...login_dir = /var/run/dovecot-login login = imap login = pop3 default_mail_env = maildir:/var/spool/virtualmail/%d/%n mbox_locks = fcntl auth = dovecot-auth auth_mechanisms = plain auth_default_realm = CASA.CULT.CU auth_userdb = ldap /etc/dovecot-ldap.conf auth_passdb = pam dovecot auth_user = root auth_verbose = yes auth_debug = yes dovecot-ldap.conf hosts = ldap.casa.cult.cu base = ou=CASA,dc=casa,dc=cult,dc=cu dn = cn=unix-conector,cn=Users,dc=casa,dc=cult,dc=cu dnpass = ***** ldap_version = 3 deref = never scope = subtree user_global_uid = 500 user_global_gid = 500 user_attrs = mail,/var/spool/virtua...

Hi- A couple of comments regarding the POP3 server (I realize the POP3 server is probably low priority though..) One problem is that the "LAST" command is not supported. Some mail clients end up downloading all messages every time because of this (or so I'm told). The biggest source of these remarks is people using the yahoo webmail front end. I wonder if this could be added?

...ed the connection no log would have been generated and he/she would have endless tries. Not even an iptables/hashlimit or fail2ban would have kicked in. How to reproduce: telnet dovecot-server pop3 user test pass test1 user test pass test2 ... QUIT ->Only the last try gets logged. If I enable auth_verbose every attempt gets logged, but if I read the docs correctly this option should only be used for figuring out why authentication isn't working. Question: Is there any way to close the connection after the first wrong user/pass combination. So an attacker would be forced to reopen it? This wo...