[Dovecot] Authentication failure messages in logs

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Mon Mar 18 16:13:53 EET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 16 Mar 2013, Nicolas Mora wrote:

> I'm currently running dovecot on a debian stable and every day, I see this 
> message dozens of time in my logs :

> Mar 16 11:27:57 hector dovecot-auth: pam_unix(dovecot:auth): authentication 
> failure; logname= uid=0 euid=0 tty=dovecot ruser=nicolas rhost=72.53.129.223 
> user=nicolas

> on the list archive, this message for example tells to comment out the pam 
> section.
> http://www.dovecot.org/list/dovecot/2008-July/031966.html
> Except that my authentication needs pam...
>
> Is there any way to solve this without migrating to virtual users ?

>  passdb:
>    driver: pam
>    args: dovecot

Well, you seem to use just one passdb. The article you are referring to 
says "the first try is always empty username and password so it slows down 
terribly every action.".

So to clarify your situation a bit:

1) Did you enabled auth_debug? If not, do so for a day or two.
2) Do you see in the logs, if more than one database is queried for one 
login process. If not, the article does not match your situation.
3) Is "nicolas" a valid user? Are all users with authentication failure 
valid ones?
4) When you login _yourself_ manually (not with a cached password in 
Thunderbird), do you see that log message, too? If you are unsure, if you 
can login without a cached password, try to ssh to your server, then

telnet localhost 143
1 login "username" "password"
2 logout

5) Did you considered, your server is under (slow) attack?

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUUchIl3r2wJMiz2NAQKDWAgAgLLfmE6vbhIHoIYUv9xDhTG5ZdoqsQZk
8KKxmxXJ+XvHWAGzZ2hucIXMIfcUduZTPePCcXlz4CcjY4oklSx7z3H/hWleaWF4
v5WWxy8rismYeBwnGULWnUbWmO/XcbZ5EBdraLteL3eXQfSapwsp6EY8sgqSag44
yyrLWBHCPha2+7TSkgon7VOjRxnMoVhaQTSUi7S+rhsqjDA8NUMRf9aXZ32XeZzF
L7t4W86qxMO+oUwo2dCLXyQ8w8NsuBxWcjsLFdyoB1u9pnCuAIZ905wN5Qcam4fm
egTZfY08tCUFln4B7FzWi4cRp4x2aAwbBNOhOpfElMEKrB6yv3V6pw==
=0oaK
-----END PGP SIGNATURE-----


More information about the dovecot mailing list