Log authentication attempts
Hi everyone,
We are running Dovecot 2.2.9 as a primary IMAP server. Also we use Dovecot SASL for SMTP authentication.
Because we are building a monitoring application, we will need to record all failed and successful login attempts. We need to record the remote IP, the entered password in plain text, and if possible whether the auth request is for an SMTP or IMAP session.
I checked http://wiki.dovecot.org/PostLoginScripting and noticed that post-login scripts are executed only after result_success, but not after result_failure (password mismatch).
Also I read http://wiki.dovecot.org/PasswordDatabase where I saw that since version 2.2.10 it is possible to control what happens after the passdb check, but the allowed result values don't include executing a custom script.
Does anyone know a way to call an external binary / script, or at least save a record in the database after a login attempt, without reading the log files?
P.S. There is also a special case. When someone logs in from webmail, the remote IP is set to the webmail server's. In this case, we will log the attempt from the webmail itself, because it has the correct remote IP.
Robin Wood
Since 2.2.27, we've had auth policy server support, which can do this properly.
Aki
On 24.01.2017 00:06, rej ex wrote:
> Hi everyone,
> We are running Dovecot 2.2.9 as a primary IMAP server. Also we use Dovecot SASL for SMTP authentication.
> Because we are building a monitoring application, we will need to record all failed and successful login attempts. We need to record the remote IP, the entered password in plain text, and if possible whether the auth request is for an SMTP or IMAP session.
> I checked http://wiki.dovecot.org/PostLoginScripting and noticed that post-login scripts are executed only after result_success, but not after result_failure (password mismatch).
> Also I read http://wiki.dovecot.org/PasswordDatabase where I saw that since version 2.2.10 it is possible to control what happens after the passdb check, but the allowed result values don't include executing a custom script.
> Does anyone know a way to call an external binary / script, or at least save a record in the database after a login attempt, without reading the log files?
> P.S. There is also a special case. When someone logs in from webmail, the remote IP is set to the webmail server's. In this case, we will log the attempt from the webmail itself, because it has the correct remote IP.
> Robin Wood
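Aki's pointer is the auth policy server interface: Dovecot POSTs a JSON document describing each login attempt to an HTTP endpoint and honours the status the endpoint returns. Below is an added example of such an endpoint in Python; it is not Dovecot's code and not from anyone in this thread. It assumes the `dovecot.conf` directives quoted in its header comment and the JSON field names (`login`, `remote`, `protocol`, `pwhash`, `success`) from the Dovecot auth policy documentation, and the status semantics as documented there (0 allows, negative rejects, positive delays by that many seconds); the listen address, table layout and thresholds are my own choices. It writes every attempt to SQLite (so the database the poster wanted is populated without parsing logs), tells IMAP from SMTP via the `protocol` field, and tarpits or rejects an address after repeated failures. Note that Dovecot sends a nonced, truncated hash of the password (`pwhash`) rather than the clear-text password the poster asked for, which is the right thing to store.

```python
"""
Minimal Dovecot auth policy server (added example, not Dovecot code).

Assumed dovecot.conf fragment (hash nonce is a placeholder, choose your own secret):
  auth_policy_server_url = http://127.0.0.1:8765/policy
  auth_policy_hash_nonce = <replace-with-random-secret>
  auth_policy_check_before_auth = yes    # lookup request, no "success" key
  auth_policy_report_after_auth = yes    # report request, carries "success"

Constructed sample of what Dovecot POSTs (field names per the auth policy docs):
  {"login": "alice", "remote": "192.0.2.10", "protocol": "imap",
   "pwhash": "deadbeef0123", "device_id": "", "success": false}
"""
import json
import sqlite3
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_FAILURES = 5       # failures per address before tarpitting
WINDOW_SECONDS = 600   # sliding window for counting failures
TARPIT_SECONDS = 5     # positive status: Dovecot delays the attempt this long


def open_db(path=":memory:"):
    """Open (or create) the attempts table. Use a file path in production."""
    db = sqlite3.connect(path, check_same_thread=False)
    db.execute("""CREATE TABLE IF NOT EXISTS auth_attempts (
        ts REAL, login TEXT, remote TEXT, protocol TEXT, pwhash TEXT, success INTEGER)""")
    return db


def recent_failures(db, remote, now):
    """Count failed attempts from one address inside the sliding window."""
    row = db.execute(
        "SELECT COUNT(*) FROM auth_attempts WHERE remote=? AND success=0 AND ts>?",
        (remote, now - WINDOW_SECONDS)).fetchone()
    return row[0]


def list_attempts(db, remote=None):
    """Return recorded attempts (all, or for one address) for the monitoring app."""
    sql = "SELECT ts, login, remote, protocol, pwhash, success FROM auth_attempts"
    args = ()
    if remote is not None:
        sql += " WHERE remote=?"
        args = (remote,)
    cols = ("ts", "login", "remote", "protocol", "pwhash", "success")
    return [dict(zip(cols, r)) for r in db.execute(sql + " ORDER BY ts", args)]


def handle_policy_request(db, payload, now=None):
    """Decide the policy response for one Dovecot request and record reports."""
    now = time.time() if now is None else now
    login = payload.get("login", "")
    remote = payload.get("remote", "")
    protocol = payload.get("protocol", "")   # "imap", "pop3", "smtp", ...
    pwhash = payload.get("pwhash", "")       # nonced, truncated hash, never clear text
    if "success" in payload:
        # Report after the password check: store it, never block a report.
        db.execute("INSERT INTO auth_attempts VALUES (?,?,?,?,?,?)",
                   (now, login, remote, protocol, pwhash, 1 if payload["success"] else 0))
        db.commit()
        return {"status": 0, "msg": "recorded"}
    # Lookup before the password check: throttle noisy addresses.
    failures = recent_failures(db, remote, now)
    if failures >= 2 * MAX_FAILURES:
        return {"status": -1, "msg": "too many failed logins from this address"}
    if failures >= MAX_FAILURES:
        return {"status": TARPIT_SECONDS, "msg": "slow down"}
    return {"status": 0, "msg": "ok"}


class PolicyHandler(BaseHTTPRequestHandler):
    db = open_db()

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        try:
            payload = json.loads(self.rfile.read(length) or b"{}")
        except json.JSONDecodeError:
            self.send_error(400, "malformed JSON")
            return
        body = json.dumps(handle_policy_request(self.db, payload)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Listens on loopback only; put TLS or a reverse proxy in front for remote use.
    HTTPServer(("127.0.0.1", 8765), PolicyHandler).serve_forever()
```

The lookup and report requests are told apart by the presence of the `success` key, so the record is written exactly once per attempt. The webmail case from the original post is unchanged by this design: `remote` is whatever address Dovecot saw, so attempts relayed through a webmail host still have to be logged on that host.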