On 20/06/2023 07:17, Shawn Heisey wrote:
> Hmm. Maybe I am wrong. I grepped my log for inactivity disconnects that do not say "auth failed". All of the things it found were for my email address, and had a timeout of 1800 seconds, not 180 seconds like the ones for the other user that say "auth failed."
https://wiki.dovecot.org/Timeouts
180 seconds is the "CLIENT_LOGIN_TIMEOUT_MSECS", which means the user has *not* been authenticated yet.
I can reproduce the message you're seeing through a simple IMAP session like this:
~ % telnet <mailserver> 143
Trying <ip>...
Connected to <mailserver>.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] <mailserver> ready.
a1 login foo bar
a1 NO [AUTHENTICATIONFAILED] Authentication failed.
[3 minutes later]
* BYE Disconnected for inactivity.
This produces the following log output:
imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts in 174 secs): user=<foo>, orig=<foo>, method=PLAIN, proto=imap, rip=[rip], lip=[lip], session=[session_id]
It seems likely that the logs you're seeing are actually sessions with no successful login. If that weren't the case, you should be able to find a log line for the successful login if you search your logs for the IMAP session ID, e.g. something like:
imap-login: Info: Login: user=<foo>, orig=<foo>, method=PLAIN, proto=imap, rip=[rip], lip=[lip], session=[session_id], secured
Best regards,
Eirik
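The session-ID check described in the message above, as an added example that is not part of the original message: it collects every "auth failed" inactivity disconnect, confirms whether the same session ID ever has a "Login:" line, and totals the failed attempts per remote IP. The sample log is constructed, and the `session=<...>` form of the session ID is an assumption, since the message only shows a `[session_id]` placeholder.

```python
import re
from collections import Counter

# Constructed sample in the line format quoted above; users, session IDs
# and documentation-range addresses are made up for this example.
SAMPLE_LOG = """\
imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts in 174 secs): user=<foo>, orig=<foo>, method=PLAIN, proto=imap, rip=203.0.113.7, lip=192.0.2.10, session=<constructedAAAA>
imap-login: Info: Login: user=<bar>, orig=<bar>, method=PLAIN, proto=imap, rip=198.51.100.4, lip=192.0.2.10, session=<constructedBBBB>, secured
imap-login: Info: Disconnected: Inactivity (auth failed, 3 attempts in 179 secs): user=<foo>, orig=<foo>, method=PLAIN, proto=imap, rip=203.0.113.7, lip=192.0.2.10, session=<constructedCCCC>
"""

FIELD = re.compile(r"(\w+)=<?([^>,\s]*)>?")
AUTH_FAILED = re.compile(r"Disconnected: Inactivity \(auth failed, (\d+) attempts in (\d+) secs\)")

def fields(line):
    """Return the key=value pairs of one log line, with <> stripped."""
    return dict(FIELD.findall(line))

def logged_in_sessions(log_text):
    """Session IDs that have an imap-login 'Login:' line."""
    return {fields(l).get("session") for l in log_text.splitlines()
            if "imap-login: Info: Login:" in l} - {None}

def preauth_timeouts(log_text):
    """One record per 'auth failed' inactivity disconnect."""
    ok = logged_in_sessions(log_text)
    out = []
    for line in log_text.splitlines():
        m = AUTH_FAILED.search(line)
        if not m:
            continue
        f = fields(line)
        out.append({"session": f.get("session"), "user": f.get("user"), "rip": f.get("rip"),
                    "attempts": int(m.group(1)), "secs": int(m.group(2)),
                    "login_seen": f.get("session") in ok})
    return out

def failed_attempts_by_rip(records):
    """Total failed attempts per remote IP for sessions that never logged in."""
    totals = Counter()
    for r in records:
        if not r["login_seen"]:
            totals[r["rip"]] += r["attempts"]
    return dict(totals)

if __name__ == "__main__":
    for rec in preauth_timeouts(SAMPLE_LOG):
        print(rec)
    print(failed_attempts_by_rip(preauth_timeouts(SAMPLE_LOG)))
```

A record with `login_seen` set to `True` would be the case worth a closer look, since it would contradict the reading that these disconnects are all unauthenticated sessions.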