24 Mar
2022
24 Mar
'22
6:09 a.m.
On 23/03/2022 19.30, mj wrote:
Op 23-03-2022 om 12:29 schreef Aki Tuomi:
- Try hashing possible password candidates and compare
- Temporarily log everyone's passwords and then sanitize logs after you're done.
No way to enable that option for a single user.
While there is no way to enable that option for a single user, setting the following:
auth_debug = yes auth_debug_passwords = yes
Will enable it for all users. Possibly your concern is that you don't want to see legitimate users' passwords? In which case, you can rest assured that you only see the FAILED passwords for all users, not the CORRECT ones.
If you decide this is something you want to do, then you can find the culprits by grepping for "MD5" in the dovecot log, and then revert your configuration when you've collected enough info.
P.