[Dovecot] dovecot-auth: gkr-pam: error looking up user information for: IP ?
I am receiving a lot of error messages dovecot-auth: gkr-pam: error looking up user information for: <user>
Unfortunately, I do not see the IP of the remote client, trying to break in. Is there any possibility to get it ? Would be useful to block the IP.
View this message in context: http://old.nabble.com/dovecot-auth%3A-gkr-pam%3A-error-looking-up-user-infor... Sent from the Dovecot mailing list archive at Nabble.com.
Friday, July 8, 2011, 4:54:19 AM, babajaga wrote:
I am receiving a lot of error messages dovecot-auth: gkr-pam: error looking up user information for: <user>
Unfortunately, I do not see the IP of the remote client, trying to break in. Is there any possibility to get it ? Would be useful to block the IP.
You didn't state the version of Dovecot you were running. Here I have Dovecot 2.0.12.
I have set in the config:
auth_verbose = yes auth_verbose_passwords = sha1
It logs the sha1 hash of the password attempt. I also have a cron set up to email me the password attempts from the previous day:
Check for email accounts that have login attempts with
incorrect passwords from the previous day.
0 3 * * * /usr/bin/bzegrep -i 'password.mismatch' /var/log/maillog.0.bz2
From the commented config file 10-logging.conf:
Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
In case of password mismatches, log the attempted password. Valid values are
no, plain and sha1. sha1 can be useful for detecting brute force password
attempts vs. user simply trying the same password over and over again.
#auth_verbose_passwords = no
-- Best regards, Duane mailto:duane@duanemail.org
participants (2)
-
babajaga
-
Duane Hill