Aug 29 22:51:27 server1 dovecot: imap-login: Aborted login (no auth attempts): rip=(obfuscated), lip=173.50.101.12, TLS Aug 29 22:51:27 server1 dovecot: imap-login: Login: user=...........
before most every successful login, the same second of time, dovecot has the above message.
This is not a huge problem but our firewall is looking for aborted login attempts, for imap/pop3 (relevant to dovecot) dos attempts and, if many people start having problems of their packets being dropped, we will have to stop looking for the statement or lower security slightly, more attempts over a period of time before filtering.
However, thanks to your idle feature, there is less of these messages; so, I don't think we will have a problem. The only client that doesn't have a problem is our php webmail but we don't look in dovecot's log for failed attempts from here; as, it is from the same ip, to dovecot from php, constantly without reference to the user. This has been happening since 1.2.11 with us. We don't use any imap relay but was looking into imapproxy for cacheing speed and preventing advanced ddos attempts, those from users with access.
Jerrale G. errale G. SC Senior Admin