On 16 Aug 2019, at 14.35, Jean-Daniel via dovecot dovecot@dovecot.org wrote:
Some of the behaviours you observe may be due to the same bug I encountered:
https://dovecot.org/pipermail/dovecot/2019-July/116475.html
Especially, regarding the ‘successful' field for auth, which does not exists and is really named ‘success', and which is never set anyway.
As a workaround you could use auth_passdb_request_finished. And since it shows differences between "password mismatch" vs "user unknown", that's likely a good permanent solution as well.
metric auth_ok { event_name = auth_passdb_request_finished filter { result = ok } } metric auth_user_unknown { event_name = auth_passdb_request_finished filter { result = user_unknown } } metric auth_password_mismatch { event_name = auth_passdb_request_finished filter { result = password_mismatch } }