[Dovecot] Auth error in log
Hi,
I have a setup with Dovecot handling a few virtual domains delivering mails to both local Unix account mailboxes and separate mailboxes for virtual users defined in a MySQL database. A quick overview of the configuration shows two passdb definitions:
auth default {
  mechanisms = plain login
  passdb pam {
    args = dovecot
  }
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb passwd {
    args = mail=maildir:~/Maildir blocking=yes
  }
  userdb static {
    args = uid=vmail gid=mail home=/var/spool/vmail/%d/%n allow_all_users=yes
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = mail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  !include_try /etc/dovecot/auth.d/*.auth
}
When a virtual user defined in the MySQL database tries to log in using IMAP or SMTP I always get auth failures logged in the system logs. Entries are like this:
Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=luser@mydomain.com rhost=85.224.xx.xx
I assume these failures come from the fact that PAM doesn't recognize the virtual users and Dovecot continues to the SQL passdb entry. As a result I get a _lot_ of auth failures in the logs.
I have tried to come up with a way where the auth failures from PAM aren't logged if the SQL authentication is successful. Is this possible or are there any other recommended ways to handle this?
/PH
-- Per-Henrik Lundblom email: ph@whatever.nu phone: +46 733 207126 webpage: www.whatever.nu
Hi,
Also attached a dovecot -n dump:
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35-23-generic-pae i686 Ubuntu 10.04.4 LTS ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
first_valid_uid: 117
mail_privileged_group: mail
mail_location: maildir:/var/spool/vmail/%d/%n/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
lda:
  postmaster_address: postmaster@mydomain.com
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/spool/vmail/dovecot-deliver.log
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
    args: dovecot
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
    args: mail=maildir:~/Maildir blocking=yes
  userdb:
    driver: static
    args: uid=vmail gid=mail home=/var/spool/vmail/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: mail
/PH
-- Per-Henrik Lundblom email: ph@whatever.nu phone: 0733-20 71 26 webpage: www.whatever.nu
Hi,
> When a virtual user defined in the MySQL database tries to log in using IMAP or SMTP I always get auth failures logged in the system logs. Entries are like this:
> Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=luser@mydomain.com rhost=85.224.xx.xx
> I assume these failures come from the fact that PAM doesn't recognize the virtual users and Dovecot continues to the SQL passdb entry. As a result I get a _lot_ of auth failures in the logs.
> I have tried to come up with a way where the auth failures from PAM aren't logged if the SQL authentication is successful. Is this possible or are there any other recommended ways to handle this?
How do other users solve this issue? The simple way is to just ignore all the logged auth failures but that seems too easy.
/PH
-- Per-Henrik Lundblom email: ph@whatever.nu cell: +46 733-20 71 26 webpage: www.whatever.nu
On 02 Sep 2013, at 07:40, Per-Henrik Lundblom ph@whatever.nu wrote:
> When a virtual user defined in the MySQL database tries to log in using IMAP or SMTP I always get auth failures logged in the system logs. Entries are like this:
> Aug 21 06:25:36 roadrunner dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=luser@mydomain.com rhost=85.224.xx.xx
> I assume these failures come from the fact that PAM doesn't recognize the virtual users and Dovecot continues to the SQL passdb entry. As a result I get a _lot_ of auth failures in the logs.
> I have tried to come up with a way where the auth failures from PAM aren't logged if the SQL authentication is successful. Is this possible or are there any other recommended ways to handle this?
> How do other users solve this issue? The simple way is to just ignore all the logged auth failures but that seems too easy.
There's nothing to solve. If you have multiple authentication methods then any but the right one will fail, obviously.
That said, I don't see these at all (I have pam and sql set).
Are you logging to a dovecot log file or to syslog?
This is what I see in maillog:
Sep 2 15:00:51 mail dovecot: imap-login: Login: user=<*user*@*domain.tld*>, 12.34.56.789, PLAIN, TLS
Sep 2 10:10:54 mail dovecot: imap-login: Login: user=<kremels>, 12.34.56.798, PLAIN, TLS
-- In other news, Gandalf died. -- Secret Diary of Boromir
participants (2)
- LuKreme
- Per-Henrik Lundblom
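For anyone who keeps both passdbs and wants to tell the PAM fall-through noise described in this thread apart from logins that no passdb accepted, here is an added example that is not part of the original thread or of Dovecot. It assumes the pam_unix and imap-login lines end up in one log stream in the two formats quoted above; the function name, the 5-second window and the year are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

TS = r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
PAM_FAIL = re.compile(TS + r".*pam_unix\(dovecot:auth\): authentication failure;"
                      r".*?ruser=(\S*) rhost=(\S*)")
LOGIN_OK = re.compile(TS + r".*dovecot: \S+-login: Login: user=<([^>]*)>")

def _ts(text, year):
    # Syslog timestamps carry no year; the caller supplies one (assumption).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def classify_pam_failures(lines, window_seconds=5, year=2013):
    """Return [(ruser, rhost, verdict)] for each pam_unix failure, in log order.

    "fallthrough": the same user logged in within window_seconds afterwards,
    so PAM rejected a virtual user that the sql passdb then accepted.
    "unmatched": no passdb accepted the attempt, i.e. a real failed login.
    """
    failures, logins = [], []
    for line in lines:
        if m := PAM_FAIL.search(line):
            failures.append((_ts(m[1], year), m[2], m[3]))
        elif m := LOGIN_OK.search(line):
            logins.append((_ts(m[1], year), m[2]))
    verdicts = ["unmatched"] * len(failures)
    window = timedelta(seconds=window_seconds)
    for t, user in logins:
        # Pair each success with the closest earlier, still unpaired failure,
        # so one good login cannot hide a burst of failed guesses.
        for i in range(len(failures) - 1, -1, -1):
            when, ruser, _ = failures[i]
            if (ruser == user and verdicts[i] == "unmatched"
                    and timedelta(0) <= t - when <= window):
                verdicts[i] = "fallthrough"
                break
    return [(f[1], f[2], v) for f, v in zip(failures, verdicts)]

# Constructed sample (not taken from the thread); addresses are documentation ranges.
PAM = "dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot"
SAMPLE = [
    f"Aug 21 06:25:36 roadrunner {PAM} ruser=alice@example.org rhost=192.0.2.10",
    "Aug 21 06:25:37 roadrunner dovecot: imap-login: Login: user=<alice@example.org>, 192.0.2.10, PLAIN, TLS",
    f"Aug 21 06:26:02 roadrunner {PAM} ruser=bob@example.org rhost=203.0.113.7",
    f"Aug 21 06:26:09 roadrunner {PAM} ruser=bob@example.org rhost=203.0.113.7",
]

if __name__ == "__main__":
    for row in classify_pam_failures(SAMPLE):
        print(*row)
```

Only the "unmatched" rows are worth alerting on; the "fallthrough" rows are the expected side effect of listing pam before sql.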