Log authentication attempts
rej ex
rejex at yandex.com
Mon Jan 23 22:06:12 UTC 2017
Hi everyone,
We are running Dovecot 2.2.9 as a primary IMAP server. Also we use Dovecot SASL for SMTP authentication.
Because we are building some monitoring application, we will need to record all failed and successful login attempts. We need to record remote IP, entered password in plain text, and if possible whether auth request is for SMTP or IMAP session.
I checked http://wiki.dovecot.org/PostLoginScripting and noticed that post-login scripts are executed only after result_success, but not after result_failure (password mismatch).
Also I read http://wiki.dovecot.org/PasswordDatabase where I saw that since version 2.2.10 it is possible to control what happens after passdb check, but allowed result values don't include executing custom script.
Does anyone know a way to call external binary / script, or at least save a record in the database after login attempt without reading the log files?
P.S. there is also a special case. When someone logs in from webmail, remote IP is set to webmail's server. In this case, we will log the attempt from the webmail itself, because it has the correct remote IP.
Robin Wood
More information about the dovecot
mailing list