log failed plaintext password for specific user only
mj
lists at merit.unu.edu
Wed Mar 23 09:47:52 UTC 2022
Hi,
We are logging failed authentication attempts, with the attempted
password as auth_verbose_passwords=sha1.
The question: is it possible to configure auth_verbose_passwords=plain
for a specific user only? Turning it on globally would be too much
sensitive information for the purpose.
Reason:
We are currently observing a high number of failed authentications for a
specific user, coming from *many* different IPs across the globe, with
most IPs only trying once or twice, making this difficult to block. The
number of failed authentications causes this account to regularly become
blocked in AD.
We would like to know if they are trying older actual passwords from the
user, or if it's just a dictionary attack.
Thanks!
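
Added example, not part of the original post and not Dovecot's own code: with auth_verbose_passwords=sha1 already in place, the "old passwords or dictionary" question can be checked by hashing old passwords the user supplies and comparing them with the logged digests. The log line layout in the regex, the user names, IPs and passwords below are constructed assumptions; adjust the regex to the lines your server actually writes.

```python
import hashlib
import re
from collections import Counter

# Assumed log layout for auth_verbose_passwords=sha1; adjust to your own lines.
LINE_RE = re.compile(
    r"\((?P<user>[^,()]+),(?P<rip>[^,()]+)(?:,[^)]*)?\): .*"
    r"\(SHA1 of given password: (?P<sha1>[0-9a-f]{4,40})\)"
)

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def classify_attempts(log_lines, user, known_passwords):
    """Compare logged digests for `user` with digests of known old passwords.

    known_passwords maps a label to a plaintext the user supplied; only the
    labels and counts are returned, never the plaintext.
    """
    known = {sha1_hex(pw): label for label, pw in known_passwords.items()}
    digests, ips, hits = Counter(), set(), Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m or m["user"] != user:
            continue
        digests[m["sha1"]] += 1
        ips.add(m["rip"])
        for full, label in known.items():
            # startswith() also matches a digest that was logged truncated
            if full.startswith(m["sha1"]):
                hits[label] += 1
    return {
        "attempts": sum(digests.values()),
        "distinct_ips": len(ips),
        "distinct_digests": len(digests),
        "known_password_hits": dict(hits),
    }

def sample_line(user, ip, password, keep=40):
    """Build one constructed log line (not captured from a real server)."""
    return (f"Mar 23 09:40:01 mx dovecot: auth: ldap({user},{ip},<sid>): "
            f"Password mismatch (SHA1 of given password: {sha1_hex(password)[:keep]})")

SAMPLE = [  # constructed data: hypothetical users, documentation IP ranges
    sample_line("alice", "203.0.113.7", "Winter2019!"),
    sample_line("alice", "198.51.100.23", "123456"),
    sample_line("alice", "192.0.2.55", "123456"),
    sample_line("bob", "192.0.2.55", "Winter2019!"),
]
```

A low ratio of distinct digests to attempts, or any hit on a known old password, points to replayed credentials; many one-off digests with no hits points to dictionary guessing. Matches on heavily truncated digests can be coincidental.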