[Dovecot] Logging authentication failures when Dovecot's auth service used to authenticate postfix smtpd

MV mvfreelancer at gmail.com
Fri Feb 28 15:57:31 UTC 2014


Please ignore my previous email. I guess the lack of sleep has taken
the best of me.

What I was trying to achieve is, to have a log entry for every
authentication attempted regardless of its success or failure. And
from that log I should extract the client's IP.

My setup authenticates imap and pop3 users through a "passwd-file"
authentication database. And postfix is set up to authenticate
submissions through the dovecot socket "auth". So far so good.

Currently ("auth_verbose = yes" and "auth_debug = no") when a client
connects to either imap, pop3 or submission/smtpd and fails to
authenticate, Dovecot *immediately* logs the failure as below.

auth: Info: passwd-file(...) ...
auth: Info: plain(...) ...
auth: Info: login(...) ...

And when a client connects to either imap and pop3 successfully,
Dovecot *immediately* logs that too.

The reason I enforce _immediately_ is because successful
submission/smtpd authentications are not logged until after postfix
receives the command "RCPT TO". And as such, the following sequence of
commands will not be logged by Dovecot, and will only be logged as
connect+disconnect by Postfix.

connect to Postfix/Submission/587
Send EHLO...
Send STARTTLS
Send AUTH...
Wait success
Send QUIT
Goto connect

And below is what postfix's log will show after the commands above are
executed by the remote client.

... postfix/smtpd[1234]: connect from host.domain.tld[0.0.0.0]
... postfix/smtpd[1234]: disconnect from host.domain.tld[0.0.0.0]
... postfix/smtpd[5678]: connect from host.domain.tld[0.0.0.0]
... postfix/smtpd[5678]: disconnect from host.domain.tld[0.0.0.0]

So there's no trace in Postfix's log nor in Dovecot's log of the
successful authentication because the client quit the connection after
AUTH and before RCPT TO.

And finally, in order to have every AUTH logged (imap, pop3 and smtpd)
I could set auth_verbose=yes and auth_debug=yes and use syslog to
discard the excess debug messages keeping only the line that reads
    auth: Debug: client in: AUTH ... rip=<...> ...
or instead I could keep auth_verbose=yes and auth_debug=no and patch
src/auth/auth-client-connection.c (see attachment).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth-client-connection.patch
Type: text/x-patch
Size: 714 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140228/cf4c7d36/attachment.bin>
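
The first option in the message (auth_debug=yes, keeping only the "client in: AUTH" line and reading rip= from it) can be sketched as a log filter. This is an added example, not part of the original post and not Dovecot code. It assumes the request is logged as tab-separated key=value fields after "AUTH" and that some syslog daemons write tabs as "#011"; the sample lines are constructed.

```python
import re
from collections import Counter

# Matches the auth_debug line the post refers to; everything after "AUTH" is
# the request. Assumption: fields are tab-separated, and some syslog daemons
# escape the tab as the literal text "#011".
AUTH_RE = re.compile(r"auth: Debug: client in: AUTH(?:\t|#011)(.*)$")
FIELD_SEP = re.compile(r"\t|#011")

def parse_auth_line(line):
    """Return id, mech, service and rip for an AUTH request line, else None."""
    m = AUTH_RE.search(line.rstrip("\n"))
    if not m:
        return None
    fields = FIELD_SEP.split(m.group(1))
    if len(fields) < 2:
        return None
    rec = {"id": fields[0], "mech": fields[1], "service": None, "rip": None}
    for f in fields[2:]:
        key, sep, value = f.partition("=")
        if sep and key in ("service", "rip"):
            rec[key] = value
    return rec

def attempts_by_client(lines):
    """Count AUTH attempts per (service, remote IP); other lines are dropped."""
    counts = Counter()
    for line in lines:
        rec = parse_auth_line(line)
        if rec and rec["rip"]:
            counts[(rec["service"], rec["rip"])] += 1
    return counts

# Constructed sample input (assumed layout, documentation-range addresses).
SAMPLE = [
    "Feb 28 15:40:01 mx dovecot: auth: Debug: client in: AUTH\t1\tPLAIN\tservice=smtp\tlip=192.0.2.10\trip=198.51.100.7\tresp=<hidden>",
    "Feb 28 15:40:01 mx dovecot: auth: Debug: client out: OK\t1\tuser=alice",
    "Feb 28 15:40:03 mx dovecot: auth: Debug: client in: AUTH#0112#011LOGIN#011service=smtp#011lip=192.0.2.10#011rip=198.51.100.7",
    "Feb 28 15:40:09 mx dovecot: auth: Debug: client in: AUTH\t3\tPLAIN\tservice=imap\tlip=192.0.2.10\trip=203.0.113.5\tresp=<hidden>",
    "Feb 28 15:40:09 mx dovecot: auth: Info: passwd-file(bob,203.0.113.5): unknown user",
]

if __name__ == "__main__":
    for (service, rip), n in sorted(attempts_by_client(SAMPLE).items()):
        print(f"{service}\t{rip}\t{n}")
```

Because the AUTH request is logged when it arrives, the count includes submission clients that disconnect right after AUTH, the case the message says leaves only connect and disconnect in Postfix's log.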

