Friday, July 8, 2011, 4:54:19 AM, babajaga wrote:

> I am receiving a lot of error messages
> dovecot-auth: gkr-pam: error looking up user information for: <user>
> Unfortunately, I do not see the IP of the remote client, trying to break in.
> Is there any possibility to get it ? Would be useful to block the IP.

You didn't state the version of Dovecot you were running. Here I have Dovecot 2.0.12. I have set in the config:

auth_verbose = yes
auth_verbose_passwords = sha1

It logs the sha1 hash of the password attempt. I also have a cron set up to email me the password attempts from the previous day:

# Check for email accounts that have login attempts with
# incorrect passwords from the previous day.
0 3 * * * /usr/bin/bzegrep -i 'password.mismatch' /var/log/maillog.0.bz2

From the commented config file 10-logging.conf:

# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no

# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
#auth_verbose_passwords = no

-- 
Best regards,
 Duane mailto:[email protected]
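
Added example, not part of the original message: one way to use the logged SHA1 values as the quoted 10-logging.conf comment suggests, grouping mismatches by remote IP and separating many different passwords from one password repeated. The log line layout, the function names, the min_distinct threshold and all sample data are assumptions made for this sketch.

```python
import hashlib
import re
from collections import defaultdict

# Assumed line layout for auth_verbose_passwords = sha1 (check your own maillog):
#   ... <passdb>(<user>,<remote ip>): Password mismatch (SHA1 of given password: <hex>)
MISMATCH = re.compile(
    r"\((?P<user>[^,()]*),(?P<ip>[0-9A-Fa-f.:]+)[^()]*\): Password mismatch "
    r"\(SHA1 of given password: (?P<sha1>[0-9A-Fa-f]{40})\)"
)

def summarize(lines, min_distinct=3):
    """Group password mismatches by remote IP and label each source.

    min_distinct is a hypothetical threshold: that many different password
    hashes from one IP is treated as guessing rather than a stale password.
    """
    seen = defaultdict(lambda: {"attempts": 0, "users": set(), "hashes": set()})
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue  # other auth messages, successful logins, etc.
        entry = seen[m["ip"]]
        entry["attempts"] += 1
        entry["users"].add(m["user"])
        entry["hashes"].add(m["sha1"].lower())
    for entry in seen.values():
        guessing = len(entry["hashes"]) >= min_distinct
        entry["verdict"] = "brute-force" if guessing else "repeated-password"
    return dict(seen)

def _sample_line(user, ip, password):
    # Constructed log line; the hash is a plain SHA1 of the constructed password.
    digest = hashlib.sha1(password.encode()).hexdigest()
    return (f"Jul  7 03:12:01 mx dovecot: auth: pam({user},{ip}): "
            f"Password mismatch (SHA1 of given password: {digest})")

# Constructed sample data (documentation IP ranges, made-up users and passwords).
SAMPLE = (
    [_sample_line("alice", "203.0.113.50", p)
     for p in ("123456", "password", "letmein", "qwerty")]
    + [_sample_line("bob", "203.0.113.50", "123456")]
    + [_sample_line("carol", "198.51.100.7", "old-password")] * 5
    + ["Jul  7 03:13:00 mx dovecot: imap-login: Login: user=<dave>, rip=192.0.2.4"]
)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE).items()):
        print(ip, e["verdict"], e["attempts"], len(e["hashes"]), sorted(e["users"]))
```

On a real host the input would be the decompressed lines of the rotated maillog that the cron job above already reads.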
