Jun 27 12:03:27 bubba dovecot: auth: ldap(SomeUser@MyDomain.com,127.0.0.1): invalid credentials

The only other thing I can think of - Postfix runs on this server and uses Dovecot SASL. Is it possible the Dovecot auth log line is caused by a Postfix connection attempt?

That would have been my first guess. Why don't you actually try it out (i.e. login in to SMTP with bad credentials) and see if the mysterious log entry appears.

# Create bogus SMTP auth string
AUTH=`echo "\0user\0badpassword\c" | openssl enc -base64`

# SMTP session commands
echo "EHLO test.client.helo\nAUTH PLAIN $PW\nQUIT" >data

# Use whichever command your Postfix supports "250-AUTH PLAIN"
#	- if you greet pause, you'll have to enter data manually
netcat -C mailserver 25 <data
openssl s_client -crlf -quiet -starttls smtp -connect mailserver:25 <data
openssl s_client -crlf -quiet -starttls smtp -connect mailserver:587 <data
openssl s_client -crlf -quiet -connect mailserver:465 <data

Joseph Tam jtam.home@gmail.com