All,
I have restricted access for several users using the Restring Access documentation https://doc.dovecot.org/2.4.0/howto/restrict_access.html
This was to cut down on the brute-force attempts against dovecot for certain users whose usernames/e-mails are routinely used.
I have a very simply passdb config:
passdb passwd-file { passwd_file_path = /etc/dovecot/deny.%{protocol} deny = yes } passdb pam { driver = pam } userdb pam { driver = passwd }
I created the /etc/dovecot/deny.imap file with one username per-line. But what confuses me is the server logs the exact same failure for unsuccessful login after restricting access as it did before restricting access. E.g.
2026-05-20T07:22:43.039585-05:00 valkyrie auth[28618]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=janice@mydomain.com rhost=70.186.179.37 2026-05-20T07:22:51.578711-05:00 valkyrie auth[28618]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=janice@mydomain.com rhost=70.186.179.37 May 20 07:25:36 valkyrie dovecot[1015]: imap-login: Login aborted: Inactivity (auth failed, 2 attempts in 177 secs) (auth_failed): user=<janice@mydomain.com>, method=PLAIN, rip=70.186.179.37, lip=192.168.6.14, TLS, session=<ouXP2T5SJpZGurMl>
Is this normal, or should dovecot respond to restricted users in some way that differs from a normal login failure?
All could be working fine, I'm just not certain about the log entries.
-- David C. Rankin, J.D.,P.E.