On 2024-06-25 12:00, hp--- via dovecot wrote:
I am running Dovecot 2.3.21. One client has multiple computers in their LAN, connecting to my server with a static IP. One or several computers in that LAN keep logging in with failed password, but the Dovecot log only shows the public static IP, like this
Jun 25 10:39:20 server-name dovecot[689]: imap-login: Disconnected: Connection closed (auth failed, 2 attempts in 62 secs): user=xxxx@domainyyy.com, method=PLAIN, rip=client-public-IP, lip=server-IP, TLS, session=<MCLxoK4bksIO8zXR>
I tried to enable debug, but there is no more information about the LAN IP or computer names. Is there any setting which helps me with that purpose? So it will be much easier to locate the failed computers in that LAN?
Technically, there's no way for Dovecot to know what the client's LAN IP address is, at least not without the client providing this information (which it won't).
Some IMAP clients send IMAP ID commands to the server. This usually includes the name (e.g. "iPhone Mail", "Microsoft Outlook", etc) and version of the client, and you can have Dovecot log this to your log by setting the option:
imap_id_log = *
This might help you identify the misconfigured clients.
Not all clients send IMAP ID commands though, and some clients only send it *after* authenticating, in which case you won't see it in your situation.
- Eirik