[Dovecot] catching authentication failures with LDAP backend

Udo Rader listudo at bestsolution.at
Sat Dec 6 20:04:43 EET 2008


Seth Mattinen wrote:
> Udo Rader wrote:
>> Udo Rader wrote:
>>> Hi,
>>>
>>> we have recently been hit by a couple of brute force password attacks 
>>> against dovecot. So what I want to do now is to add dovecot to 
>>> fail2ban in order to block further attacks.
>>>
>>> However, I don't seem to be able to find out password verification 
>>> failures for our LDAP based user data.
>>>
>>> The only thing I see are loads of lines like these in the logfiles:
>>>
>>> -------CUT-------
>>> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: 
>>> user=<ludovic>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
>>> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luna>, 
>>> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
>>> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luke>, 
>>> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
>>> -------CUT-------
>>>
>>> Googling the web I found that PAM based authentication obviously 
>>> gives a matchable error message, but for some reason the ldap 
>>> backend does not - or does it?
>>>
>>> Any pointers highly appreciated :-)
>>
>> Solved it myself: changing to "auth_verbose = yes" in 
>> dovecot.conf solved it.
>>
>> Any reasons why this isn't enabled by default?
>>
> 
> Because it's a debugging switch.

hmm, that's weird then.

Without turning on this "debugging switch" (LDAP) authentication 
failures are not logged, so that's a pretty essential functionality 
missing then.

--
Udo Rader, CTO
http://www.bestsolution.at
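
Added example, not part of the original thread: a Python sketch that flags brute-force sources using only the `pop3-login: Disconnected` lines quoted above, i.e. without `auth_verbose`, by counting distinct usernames per remote IP inside a time window. The threshold, the window, the year and the `192.0.2.10` line are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the post (lines unwrapped);
# the last line is an invented benign client added for contrast.
SAMPLE_LOG = """\
dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<ludovic>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luna>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luke>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
dovecot: Nov 30 09:12:03 Info: pop3-login: Disconnected: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=81.16.98.99
"""

LINE_RE = re.compile(
    r"^dovecot: (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) Info: "
    r"(?:pop3|imap)-login: Disconnected: user=<(?P<user>[^>]*)>, "
    r"method=\S+ rip=(?P<rip>[0-9A-Fa-f.:]+), lip=\S+".replace("\\S+ rip", "\\S+, rip")
)

def parse(log_text, year=2008):
    """Yield (timestamp, rip, user) for each login-process disconnect line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # The log has no year field, so one is assumed.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["rip"], m["user"]

def suspicious_ips(log_text, min_users=3, window=timedelta(minutes=10)):
    """Return {rip: sorted usernames} for IPs that tried at least min_users
    distinct usernames inside any sliding window of the given length."""
    by_ip = defaultdict(list)
    for ts, rip, user in parse(log_text):
        by_ip[rip].append((ts, user))
    flagged = {}
    for rip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[rip] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    for ip, users in suspicious_ips(SAMPLE_LOG).items():
        print(ip, users)
```

These lines are also written for ordinary aborted logins, so the distinct-username count is what separates a dictionary run from a single user mistyping a password.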

