[Dovecot] dovecot-auth: gkr-pam: error looking up user information for: IP ?

Duane Hill duane at duanemail.org
Fri Jul 8 17:11:26 EEST 2011


Friday, July 8, 2011, 4:54:19 AM, babajaga wrote:

> I am receiving a lot of error messages
> dovecot-auth: gkr-pam: error looking up user information for: <user>

> Unfortunately, I do not see the IP of the remote client, trying to break in.
> Is there any possibility to get it ? Would be useful to block the IP.

You didn't state the version of Dovecot you were running. Here I have
Dovecot 2.0.12.

I have set in the config:

auth_verbose = yes
auth_verbose_passwords = sha1

It logs the sha1 hash of the password attempt. I also have a cron set
up to email me the password attempts from the previous day:

# Check for email accounts that have login attempts with
#     incorrect passwords from the previous day.
0 3 * * * /usr/bin/bzegrep -i 'password.mismatch' /var/log/maillog.0.bz2

From the commented config file 10-logging.conf:

# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
#auth_verbose_passwords = no

-- 
Best regards,
 Duane                            mailto:duane at duanemail.org



More information about the dovecot mailing list