log failed plaintext password for specific user only
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Mar 23 10:11:10 UTC 2022
> On 23/03/2022 11:47 mj <lists at merit.unu.edu> wrote:
>
>
> Hi,
>
> We are logging failed authentication attempts, with the attempted
> password as auth_verbose_passwords=sha1
>
> The question: is it possible to configure auth_verbose_passwords=plain
> for a specific user only? Turning it on globally would be too much
> sensitive information for the purpose.
>
> Reason:
>
> We are currently observing a high number of failed authentications for a
> specific user, coming from *many* diffirent IPs across the globe, with
> most IPs only trying once or twice, making this difficult to block. The
> number of failed authentications cause this account to regularly become
> blocked in AD.
>
> We would like to know if they are trying older actual passwords from the
> user, or if it's just dictionary attack.
>
> Thanks!
Well, is the sha1 value same every time? If it is, then they are trying same password each time.
Aki
More information about the dovecot
mailing list