[Dovecot] MS Exchange IMAP Proxy (Logging Auth Failures?)

Terry Carmen terry at cnysupport.com
Mon Dec 5 23:05:08 EET 2011


----- Message from Timo Sirainen <tss at iki.fi> ---------
     Date: Mon, 5 Dec 2011 21:49:15 +0200
     From: Timo Sirainen <tss at iki.fi>
Reply-To: Dovecot Mailing List <dovecot at dovecot.org>
  Subject: Re: [Dovecot] MS Exchange IMAP Proxy (Logging Auth Failures?)
       To: Terry Carmen <terry at cnysupport.com>
       Cc: dovecot at dovecot.org


> On 5.12.2011, at 19.16, Terry Carmen wrote:
>
>> It's working beautifully!
>>
>> Is there any way to get it to log failed login attempts with the  
>> user's IP address?
>
> auth_verbose=yes

Got it.

syslog_facility = mail
auth_verbose = yes
auth_verbose_passwords = plain
auth_debug = yes
mail_debug = yes

I'm sure they're not all necessary. I was turning on all the logging I  
could find. 8-)

The log looks like this:

Dec  5 15:29:49 it dovecot: auth: Debug: auth client connected (pid=12028)

Dec  5 15:30:03 it dovecot: auth: Debug: client in:  
AUTH#0111#011PLAIN#011service=imap#011secured#011lip=10.1.2.3#011rip=123.123.123.123#011lport=143#011rport=40816#011resp=<hidden>

Dec  5 15:30:03 it dovecot: auth: Debug:  
imap(username,123.123.123.123): lookup host=10.1.16.226 port=143

Dec  5 15:30:03 it dovecot: auth: Debug: imapc(10.1.2.3:143): Looking  
up IP address

Dec  5 15:30:03 it dovecot: auth: Debug: imapc(10.1.2.3:143):  
Connecting to 10.1.2.3:143

Dec  5 15:30:03 it dovecot: auth: Debug: imapc(10.1.2.3:143): Server  
capabilities: IMAP4 IMAP4rev1 IDLE LOGIN-REFERRALS MAILBOX-REFERRALS  
NAMESPACE LITERAL+ UIDPLUS CHILDREN AUTH=NTLM

Dec  5 15:30:03 it dovecot: auth: Debug: imapc(10.1.2.3:143):  
Authenticating as username

Dec  5 15:30:03 it dovecot: auth: Debug: imapc(10.1.16.226:143): Disconnected

Dec  5 15:30:05 it dovecot: auth: Debug: client out:  
FAIL#0111#011user=username

The last line *almost* gets me enough for a fail2ban filter, but not  
quite, since there's no IP address.

Is there something else I can turn on?

Thanks,

Terry





More information about the dovecot mailing list