On 23 Sep 2019, at 8.29, Plutocrat via dovecot <dovecot@dovecot.org> wrote:

This is probably quite an easy question, but I haven't been able to find the answer. I'm running a server where all the email addresses are in the format "user@domain.com". I've noticed that a large number of fake login attempts use the format "user" eg. reception, service, root, admin.

Is it possible to prevent any such logins to these email users without an @domain.com? Or maybe ignore them. Or drop them from the logging.

P.

you can add username_filter = *@domain.com

or deny-passdb before actual passdb with username_filter = !*@domain.com

https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/

feature has existed since dovecot 2.2.30

Sami