Hi , i am having an issue with dovecot , in log files of imap inactivity lines have the word included "auth failed" , witch is not true , what happens next is that fail2ban is looking for that word too in log file of dovecot ,and when it finds it it bans my public ip address . Is there any change to change this behavior in dovecot , what i mean is to insert "auth failed" when in fact it is an authentication failed , and not use it as general for every thing in log file .
Dovecot Version : 2.3.19.1 (9b53102964)
Log imap line with issues :
dovecot: imap-login: Disconnected: Inactivity (auth failed, 1 attempts in 180 secs): user=myemail@mydomain, method=PLAIN, rip=xxx.xxx.xx.xx, lip=xxx.xxx.xxx.xxx, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits), session=
Thank you