[Dovecot] dovecot-auth: gkr-pam: error looking up user information for: IP ?
Duane Hill
duane at duanemail.org
Fri Jul 8 17:11:26 EEST 2011
Friday, July 8, 2011, 4:54:19 AM, babajaga wrote:
> I am receiving a lot of error messages
> dovecot-auth: gkr-pam: error looking up user information for: <user>
> Unfortunately, I do not see the IP of the remote client, trying to break in.
> Is there any possibility to get it ? Would be useful to block the IP.
You didn't state the version of Dovecot you were running. Here I have
Dovecot 2.0.12.
I have set in the config:
auth_verbose = yes
auth_verbose_passwords = sha1
It logs the sha1 hash of the password attempt. I also have a cron set
up to email me the password attempts from the previous day:
# Check for email accounts that have login attempts with
# incorrect passwords from the previous day.
0 3 * * * /usr/bin/bzegrep -i 'password.mismatch' /var/log/maillog.0.bz2
From the commented config file 10-logging.conf:
# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
#auth_verbose_passwords = no
--
Best regards,
Duane mailto:duane at duanemail.org
More information about the dovecot
mailing list