Hello,
tl;dr: Is there a way to get dovecot's auth to log failed smtp authentications without having to switch on "auth_verbose"? postfix version 2.11.0 and dovecot version 2.2.12
I'm currently migrating my postfix+courier to postfix+dovecot and so far it's working as expected. Except for logging smtp login failures.
Despite Postfix logging successful authentications (see sample below), it doesn't log failed smtp logins. Feb 25 22:28:53 mailer2 postfix/submission[20274]: C981B20198: client=A-B-C-D.*****.net[A.B.C.D]:63107, sasl_method=PLAIN, sasl_username=joe@example.net
And since my postfix setup authenticates virtual users through Dovecot's auth, I thought maybe dovecot could report smtp login failures the same way it reports imap and pop3 login failures. Below is a sample extracted from "info_log_path" after several imap and pop3 login failures. (Obviously the IP 255.... is made up and irrelevant for this mater).
# begin extract "/var/log/dovecot-info.log" 2014-02-27 21:14:26 auth: Info: passwd-file(joe@example.net,255.255.255.255,<Y0lbzmnzfwAuQV80>): Password mismatch 2014-02-27 21:16:46 auth: Info: passwd-file(foobar,255.255.255.255,<Y0lbzmnzfwAuQV80>): unknown user 2014-02-27 21:52:00 auth: Info: passwd-file(foo@example.net,255.255.255.255,<0Su6VGrzGwAuQV80>): unknown user 2014-02-27 21:53:35 auth: Info: plain(?,255.255.255.255,<0Su6VGrzGwAuQV80>): Empty username 2014-02-27 21:53:55 auth: Info: plain(?,255.255.255.255,<0Su6VGrzGwAuQV80>): Username character disallowed by auth_username_chars: 0x5c (username: \0) 2014-02-27 22:08:05 auth: Info: plain(?,255.255.255.255): invalid input 2014-02-27 22:09:36 auth: Info: passwd-file(joe@example.net,255.255.255.255): Password mismatch 2014-02-27 22:09:53 auth: Info: login(?,255.255.255.255): Empty username # end extract
I've tried adding "-L -o info_log_path=/var/log/dovecot-info.log" to the both auth and auth-worker services but that yield nothing.
----------------------%<--------------------------------
auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log log_timestamp = "%Y-%m-%d %H:%M:%S "
passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/virtual_users driver = passwd-file }
userdb { args = username_format=%u /etc/dovecot/virtual_users default_fields = uid=vmail gid=vmail driver = passwd-file override_fields = home=/home/vmail/%d/%u result_failure = return-fail result_internalfail = return-fail }
service auth-worker { executable = auth -w -L -o info_log_path=/var/log/dovecot-info.log }
service auth { executable = auth -L -o info_log_path=/var/log/dovecot-info.log unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix user = postfix mode = 0660 } }
service lmtp { executable = lmtp -L -o info_log_path=/var/log/dovecot-info.log unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix user = postfix mode = 0660 } }
---------------------->%--------------------------------
The relevant postfix config is ...
smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth virtual_transport = lmtp:unix:private/dovecot-lmtp