25 Jan
2017
25 Jan
'17
12:24 a.m.
On 24.01.2017 00:06, rej ex wrote:
Because we are building some monitoring application, we will need to record all failed and successful login attempts. We need to record remote IP, entered password in plain text, and if possible whether auth request is for SMTP or IMAP session.
SMTP? Wouldn't that be handled by your MTA, not Dovecot?
AKi Tuomi wrote:
Since 2.2.27 we've had auth policy server support which can do this properly.
As I read the docs, the auth policy server would only get the hashed password, and wouldn't be able to record the plaintext password.
Maybe use the checkpassword hook?
http://wiki.dovecot.org/AuthDatabase/CheckPasswordJoseph Tam jtam.home@gmail.com