[Dovecot] Auth-worker log lines
Hi,
Are log lines like the following:
Jul 28 15:30:50 mx1.somewhere dovecot: auth-worker(18980): sql(user@domain,217.67.x.x): unknown user
Jul 28 15:32:56 mx1.somewhere dovecot: auth-worker(18980): sql(user@domain,212.182.x.x): Password mismatch
written every time any authentication phase fails, in SASL as well as in POP3/IMAP mailbox access? I have a legacy app that would gain a lot if I could distinguish between failed SASL authentication and failed POP3/IMAP authentication. I know I can use the "auth failed" lines for the latter case, and postfix log lines in the former, but they don't contain user info. Is there a way for log monitoring software to get failed login lines with both user info, and the reason (SASL, POP3, IMAP)?
Regards,
Grzegorz Staniak <gstaniak [at] gmail _dot_ com>
On Sun, 2013-07-28 at 19:58 +0200, Grzegorz Staniak wrote:
Hi,
Are log lines like the following:
Jul 28 15:30:50 mx1.somewhere dovecot: auth-worker(18980): sql(user@domain,217.67.x.x): unknown user
Jul 28 15:32:56 mx1.somewhere dovecot: auth-worker(18980): sql(user@domain,212.182.x.x): Password mismatch
written every time any authentication phase fails, in SASL as well as in POP3/IMAP mailbox access? I have a legacy app that would gain a lot if I could distinguish between failed SASL authentication and failed POP3/IMAP authentication. I know I can use the "auth failed" lines for the latter case, and postfix log lines in the former, but they don't contain user info. Is there a way for log monitoring software to get failed login lines with both user info, and the reason (SASL, POP3, IMAP)?
With newer Dovecot versions the auth log lines include <sessionid>. The simplest way then to differentiate POP3/IMAP vs SMTP is to see if there is a <sessionid> at all, because SMTP doesn't (currently at least) provide one.
participants (2)
- Grzegorz Staniak
- Timo Sirainen
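
The session-id check suggested in the reply, sketched as a log classifier. This is an added example, not code from the thread or from Dovecot; it assumes the session id is logged as a third comma-separated `<...>` field after the IP address, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: the bracketed part is passdb(user,ip[,<sessionid>]): reason.
# The thread only says newer versions "include <sessionid>"; the exact
# position used here is assumed, so check it against your own logs.
AUTH_RE = re.compile(
    r"dovecot: auth(?:-worker\(\d+\))?: "
    r"(?P<passdb>[\w-]+)\((?P<user>[^,()]*),(?P<ip>[^,()]+)"
    r"(?:,<(?P<session>[^>]+)>)?\): (?P<reason>.+)$"
)

# The two failure reasons shown in the original question.
FAILURES = ("unknown user", "Password mismatch")


def classify(line):
    """Return a dict for a failed-auth line, or None for any other line."""
    m = AUTH_RE.search(line)
    if not m or not m["reason"].startswith(FAILURES):
        return None
    return {
        "user": m["user"],
        "ip": m["ip"],
        "reason": m["reason"],
        "session": m["session"],
        # Heuristic from the reply: session id present means a POP3/IMAP
        # login, absent means the request came in over SMTP SASL.
        "source": "pop3/imap" if m["session"] else "smtp-sasl",
    }


def summarize(lines):
    """Classify all lines; return (events, failures per (source, user))."""
    events = [e for e in map(classify, lines) if e]
    return events, Counter((e["source"], e["user"]) for e in events)


# Constructed sample lines (not taken from a real server).
SAMPLE = """\
Jul 28 15:30:50 mx1.example dovecot: auth-worker(18980): sql(alice@example.org,192.0.2.10,<Zk3xQ9uTAADAqAAB>): unknown user
Jul 28 15:32:56 mx1.example dovecot: auth-worker(18980): sql(bob@example.org,198.51.100.7): Password mismatch
Jul 28 15:33:01 mx1.example dovecot: imap-login: Disconnected (auth failed, 1 attempts): rip=192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for e in summarize(SAMPLE)[0]:
        print(e["source"], e["user"], e["ip"], e["reason"])
```

On a Dovecot version that does not log session ids at all, every failure would be labelled `smtp-sasl`, so confirm that POP3/IMAP failures on your server carry the field before relying on its absence.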