[Dovecot] Failed IMAP Login Attempts in Logs
I had a user telling me that they can't login to the Postfix email server via Webmail (RoundCube) and I decided to see if I could locate this issue in the logs and understand if the user was simply using a wrong password credential and or something more serious. More than likely the person is just using a wrong password but in search of this on my logs, I don't understand why Dovecot doesn't log failed login attempts. When I attempted to login with a wrong password, I show the following in my logs:
[root@mail log]# cat /var/log/maillog | grep 'Jan 5' | grep -i 'dovecot' | grep -i 'carlos' Jan 5 11:00:13 mail dovecot: imap-login: Disconnected: user=<carlos>, method=PLAIN, rip=::ffff:192.168.0.10, lip=::ffff:192.168.0.10
Is there a log level or something I am not searching for that will allow me to see failed or invalid logins for Dovecot (IMAP)?
Thanks!
On 11:59 AM, Carlos Williams wrote:
Is there a log level or something I am not searching for that will allow me to see failed or invalid logins for Dovecot (IMAP)?
What auth method are you using? For example, if you are using pam, the failures are probably in /var/log/secure.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Tue, 5 Jan 2010 11:09:07 -0500, Carlos Williams carloswill@gmail.com wrote:
I had a user telling me that they can't login to the Postfix email server via Webmail (RoundCube) and I decided to see if I could locate this issue in the logs and understand if the user was simply using a wrong password credential and or something more serious. More than likely the person is just using a wrong password but in search of this on my logs, I don't understand why Dovecot doesn't log failed login attempts.
Is there a log level or something I am not searching for that will allow me to see failed or invalid logins for Dovecot (IMAP)?
# In case of password mismatches, log the passwords and used scheme so the # problem can be debugged. Enabling this also enables auth_debug. #auth_debug_passwords = no auth_debug_passwords = yes
participants (3)
-
Carlos Williams
-
Jim Pazarena
-
Mark Sapiro