Logfile flooding with lookup failure for root user using pam
Hi all,
I am getting the error where root is constantly being looked up over imap I am guessing. I am pretty sure services like fail2ban and logwatch are set up to send from another user instead of root @ localhost so I think this may be an imap issue. I tried adding root to /etc/dovecot/deny-users, but this error still persists. I know imap as root is a big security issue and is disabled, but I cannot pinpoint how or why this is happening so often. I am using PAM and passwd for authentication and authorization.
How can I prevent root user from being looked up in the first place?
Regards, Michael
dovecot[606167]: lmtp(606199): Error: lmtp-server: conn unix:pid=606196,uid=73 [2]: rcpt root@<domain>: Failed to lookup user root@<domain>: Invalid settings in userdb: userdb returned 0 as uid
Replaced my domain name with <domain> in this example.
Michael,
Your Dovecot's LMTP is just looking up root because mails are sent to root. If you don't want root to be looked up, then you just have to prevent mails from being sent to root, I guess.
Are the mails sent to postmaster addressed to root in the alias file? Should check the alias on the postfix side.
-----Original Message-----
From: dovecot dovecot-bounces@dovecot.org On Behalf Of Michael Ruiz
Sent: Thursday, February 4, 2021 3:09 AM
To: dovecot@dovecot.org
Subject: Logfile flooding with lookup failure for root user using pam
Hi all,
I am getting the error where root is constantly being looked up over imap I am guessing. I am pretty sure services like fail2ban and logwatch are set up to send from another user instead of root @ localhost so I think this may be an imap issue. I tried adding root to /etc/dovecot/deny-users, but this error still persists. I know imap as root is a big security issue and is disabled, but I cannot pinpoint how or why this is happening so often. I am using PAM and passwd for authentication and authorization.
How can I prevent root user from being looked up in the first place?
Regards, Michael
dovecot[606167]: lmtp(606199): Error: lmtp-server: conn unix:pid=606196,uid=73 [2]: rcpt root@<domain>: Failed to lookup user root@<domain>: Invalid settings in userdb: userdb returned 0 as uid
Replaced my domain name with <domain> in this example.
participants (2)
- Koga Hayashi
- Michael Ruiz
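
Added example, not part of the thread or of Dovecot/Postfix: a small Python check that follows the reply's suggestion by counting the LMTP "userdb returned 0 as uid" failures per recipient and reporting which of those recipients an aliases(5)-format file still leaves undirected. The log lines, the domain example.org and the mailbox user "michael" are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample data: example.org and the mailbox user "michael" are placeholders.
SAMPLE_LOG = """\
dovecot[1]: lmtp(2): Error: lmtp-server: conn unix:pid=3,uid=73 [2]: rcpt root@example.org: Failed to lookup user root@example.org: Invalid settings in userdb: userdb returned 0 as uid
dovecot[1]: lmtp(4): Error: lmtp-server: conn unix:pid=5,uid=73 [1]: rcpt root@example.org: Failed to lookup user root@example.org: Invalid settings in userdb: userdb returned 0 as uid
dovecot[1]: imap-login: Login: user=<michael>, method=PLAIN
"""
ALIASES_BEFORE = "# no alias for root\npostmaster: root\nlogwatch: root\n"
ALIASES_AFTER = "postmaster: root\nlogwatch: root\nroot:\n    michael\n"

# Same shape as the LMTP error in the thread; captures the recipient's local part.
FAILED = re.compile(r"lmtp-server: .*rcpt (\S+?)@\S+: Failed to lookup user .*userdb returned 0 as uid")

def failed_rcpts(log_text):
    """Count recipients whose LMTP lookup failed because userdb returned uid 0."""
    return Counter(m.group(1).lower() for m in FAILED.finditer(log_text))

def parse_aliases(text):
    """Parse aliases(5) text: 'name: targets', '#' comments, indented continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        name, _, rhs = entry.partition(":")
        table[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table

def resolve(name, table, path=frozenset()):
    """Follow alias chains to final targets; an unaliased or looping name is its own target."""
    key = name.lower()
    if key in path or key not in table:
        return {key}
    return set().union(*(resolve(t, table, path | {key}) for t in table[key]))

def still_delivered_locally(log_text, aliases_text):
    """Failed recipients that the alias table does not redirect to another user."""
    table = parse_aliases(aliases_text)
    return sorted(r for r in failed_rcpts(log_text) if r in resolve(r, table))
```

With ALIASES_BEFORE the check reports root, because postmaster and logwatch both forward to an unaliased root; with ALIASES_AFTER it reports nothing. On a live Postfix system an edited aliases file takes effect only after `newaliases` rebuilds the alias database.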