No, the problem is the logging of the cache lookup with password mismatch. (release 2.3.17) We missing client IP and user in the cache lookup logging.

auth-worker(1676266): Info: conn unix:auth-worker (pid=1675846,uid=97): auth-worker<2>: Password mismatch (given password: xxxx)

Arvid

-----Original Message----- From: Aki Tuomi aki.tuomi@open-xchange.com Sent: tirsdag 22. februar 2022 09:15 To: Eikås Arvid arvid.eikas@telenor.no; dovecot@dovecot.org Subject: Re: Different auth logging with cache lookup. (OPEN)

On 22/02/2022 09:42 Eikås Arvid arvid.eikas@telenor.no wrote:

dovecot-2.3.5 and centos 7 User and IP are logged in both scenarios. auth-worker(26145): sql(user,1.1.1.1,<XXXXXXXX>): Password mismatch auth-worker(13380): cache(user@online.no,1.1.1.1): Password mismatch

dovecot-2.3.17 and rhel 8 Feb 03 14:42:53 auth-worker(1676266): Info: conn unix:auth-worker (pid=1675846,uid=97): auth-worker<1>: sql(user,127.0.0.1,<XXXXXXXX>): Password mismatch (given password: xxxx) Feb 03 14:43:48 auth-worker(1676266): Info: conn unix:auth-worker (pid=1675846,uid=97): auth-worker<2>: Password mismatch (given password: xxxx)

User and IP is not logged in cache lookup. Is this a design change or a unplanned change?

Any ide when it was changed?

Looks more like 2.3.5 is incorrectly checking both cache and sql?

Aki