Log authentication attempts
Joseph Tam
jtam.home at gmail.com
Tue Jan 24 22:24:18 UTC 2017
On 24.01.2017 00:06, rej ex wrote:
> Because we are building some monitoring application, we will need to
> record all failed and successful login attempts. We need to record
> remote IP, entered password in plain text, and if possible whether auth
> request is for SMTP or IMAP session.
SMTP? Wouldn't that be handled by your MTA, not Dovecot?
AKi Tuomi wrote:
> Since 2.2.27 we've had auth policy server support which can do this
> properly.
As I read the docs, the auth policy server would only get the hashed password, and
wouldn't be able to record the plaintext password.
Maybe use the checkpassword hook?
http://wiki.dovecot.org/AuthDatabase/CheckPassword
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list