log failed plaintext password for specific user only

Aki Tuomi aki.tuomi at open-xchange.com
Wed Mar 23 10:11:10 UTC 2022


> On 23/03/2022 11:47 mj <lists at merit.unu.edu> wrote:
> 
> Hi,
> 
> We are logging failed authentication attempts, with the attempted 
> password as auth_verbose_passwords=sha1
> 
> The question: is it possible to configure auth_verbose_passwords=plain 
> for a specific user only? Turning it on globally would be too much 
> sensitive information for the purpose.
> 
> Reason:
> 
> We are currently observing a high number of failed authentications for a 
> specific user, coming from *many* different IPs across the globe, with 
> most IPs only trying once or twice, making this difficult to block. The 
> number of failed authentications causes this account to regularly become 
> blocked in AD.
> 
> We would like to know if they are trying older actual passwords from the 
> user, or if it's just a dictionary attack.
> 
> Thanks!

Well, is the sha1 value the same every time? If it is, then they are trying the same password each time.

Aki
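One way to do the comparison Aki suggests, as an added example that is not part of this thread: a script that groups one user's failed logins by the logged SHA1 and records which source IPs sent each value, so a single repeated hash (an old or leaked credential being replayed) stands out from many distinct guesses. The log lines below are constructed, and the exact wording of Dovecot's "Password mismatch" message with auth_verbose_passwords=sha1 is assumed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of Dovecot auth logs with
# auth_verbose_passwords=sha1 (message format assumed, IPs from documentation ranges).
SAMPLE_LOG = """\
Mar 23 09:15:01 mail dovecot: auth: ldap(alice@example.com,203.0.113.7): Password mismatch (SHA1 of given password: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)
Mar 23 09:15:09 mail dovecot: auth: ldap(alice@example.com,198.51.100.23): Password mismatch (SHA1 of given password: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)
Mar 23 09:16:40 mail dovecot: auth: ldap(alice@example.com,192.0.2.99): Password mismatch (SHA1 of given password: 7c4a8d09ca3762af61e59520943dc26494f8941b)
Mar 23 09:17:02 mail dovecot: auth: ldap(bob@example.com,203.0.113.7): Password mismatch (SHA1 of given password: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)
Mar 23 09:18:33 mail dovecot: auth: ldap(alice@example.com,203.0.113.7): Password mismatch (SHA1 of given password: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)
"""

# Captures the passdb name, user, remote IP and the 40-hex SHA1 of the tried password.
LINE_RE = re.compile(
    r"auth: \w+\((?P<user>[^,)]+),(?P<ip>[^,)]+)[^)]*\): Password mismatch "
    r"\(SHA1 of given password: (?P<sha1>[0-9a-f]{40})\)"
)


def summarize_failures(log_text, user):
    """Return {sha1: {"attempts": n, "ips": [...]}} for failed logins of `user`."""
    attempts_by_hash = Counter()
    ips_by_hash = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("user") != user:
            continue
        attempts_by_hash[m.group("sha1")] += 1
        ips_by_hash[m.group("sha1")].add(m.group("ip"))
    return {h: {"attempts": n, "ips": sorted(ips_by_hash[h])}
            for h, n in attempts_by_hash.items()}


def classify(summary):
    """Heuristic: one hash for more than half the attempts points to a replayed credential."""
    if not summary:
        return "no failures"
    total = sum(v["attempts"] for v in summary.values())
    top = max(v["attempts"] for v in summary.values())
    if top * 2 > total:
        return "one password dominates (likely an old or leaked credential)"
    return "many distinct guesses (dictionary-style)"


if __name__ == "__main__":
    report = summarize_failures(SAMPLE_LOG, "alice@example.com")
    for sha1, info in report.items():
        print(sha1, info["attempts"], "attempt(s) from", ", ".join(info["ips"]))
    print(classify(report))
```

Because only the SHA1 is logged, the script never reveals the tried password; it still answers whether the same value recurs across IPs, which is the signal the original question was after.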

