Friday, July 8, 2011, 4:54:19 AM, babajaga wrote:
I am receiving a lot of error messages dovecot-auth: gkr-pam: error looking up user information for: <user>
Unfortunately, I do not see the IP of the remote client, trying to break in. Is there any possibility to get it ? Would be useful to block the IP.
You didn't state the version of Dovecot you were running. Here I have Dovecot 2.0.12.
I have set in the config:
auth_verbose = yes auth_verbose_passwords = sha1
It logs the sha1 hash of the password attempt. I also have a cron set up to email me the password attempts from the previous day:
# Check for email accounts that have login attempts with # incorrect passwords from the previous day. 0 3 * * * /usr/bin/bzegrep -i 'password.mismatch' /var/log/maillog.0.bz2
From the commented config file 10-logging.conf:
# Log unsuccessful authentication attempts and the reasons why they failed. #auth_verbose = no # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no
-- Best regards, Duane mailto:duane@duanemail.org