28 Jun
2017
28 Jun
'17
10:38 p.m.
Jun 27 12:03:27 bubba dovecot: auth: ldap(SomeUser@MyDomain.com,127.0.0.1): invalid credentials
The only other thing I can think of - Postfix runs on this server and uses Dovecot SASL. Is it possible the Dovecot auth log line is caused by a Postfix connection attempt?
That would have been my first guess. Why don't you actually try it out (i.e. login in to SMTP with bad credentials) and see if the mysterious log entry appears.
# Create bogus SMTP auth string
AUTH=`echo "\0user\0badpassword\c" | openssl enc -base64`
# SMTP session commands
echo "EHLO test.client.helo\nAUTH PLAIN $PW\nQUIT" >data
# Use whichever command your Postfix supports "250-AUTH PLAIN"
# - if you greet pause, you'll have to enter data manually
netcat -C mailserver 25 <data
openssl s_client -crlf -quiet -starttls smtp -connect mailserver:25 <data
openssl s_client -crlf -quiet -starttls smtp -connect mailserver:587 <data
openssl s_client -crlf -quiet -connect mailserver:465 <data
Joseph Tam <jtam.home@gmail.com>
2735
Age (days ago)
2735
Last active (days ago)
0 comments
1 participants
participants (1)
-
Joseph Tam