<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 23 Sep 2019, at 8.29, Plutocrat via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">This is probably quite an easy question, but I haven't been able to find the answer. I'm running a server where all the email addresses are in the format "<a href="mailto:user@domain.com" class="">user@domain.com</a>". I've noticed that a large number of fake login attempts use the format "user" eg. reception, service, root, admin. <br class=""><br class="">Is it possible to prevent any such logins to these email users without an @domain.com? Or maybe ignore them. Or drop them from the logging. <br class=""><br class="">P.<br class=""></div></div></blockquote><br class=""></div><div>you can add username_filter = *@domain.com</div><div class=""><br class=""></div><div class="">or deny-passdb before actual passdb with username_filter = !*@domain.com</div><br class=""><div class=""><a href="https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/" class="">https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/</a></div><div class=""><br class=""></div><div class="">feature has existed since dovecot 2.2.30</div><div class=""><br class=""></div><div class="">Sami</div><div class=""><br class=""></div></body></html>