All,
I have restricted access for several users using the Restring Access
documentation https://doc.dovecot.org/2.4.0/howto/restrict_access.html
This was to cut down on the brute-force attempts against dovecot for
certain users whose usernames/e-mails are routinely used.
I have a very simply passdb config:
passdb passwd-file {
passwd_file_path = /etc/dovecot/deny.%{protocol}
deny = yes
}
passdb pam {
driver = pam
}
userdb pam {
driver = passwd
}
I created the /etc/dovecot/deny.imap file with one username per-line.
But what confuses me is the server logs the exact same failure for
unsuccessful login after restricting access as it did before restricting
access. E.g.
2026-05-20T07:22:43.039585-05:00 valkyrie auth[28618]:
pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0
tty=dovecot [email protected] rhost=70.186.179.37
2026-05-20T07:22:51.578711-05:00 valkyrie auth[28618]:
pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0
tty=dovecot [email protected] rhost=70.186.179.37
May 20 07:25:36 valkyrie dovecot[1015]: imap-login: Login aborted:
Inactivity (auth failed, 2 attempts in 177 secs) (auth_failed):
user=<[email protected]>, method=PLAIN, rip=70.186.179.37,
lip=192.168.6.14, TLS, session=<ouXP2T5SJpZGurMl>
Is this normal, or should dovecot respond to restricted users in some
way that differs from a normal login failure?
All could be working fine, I'm just not certain about the log entries.
--
David C. Rankin, J.D.,P.E.
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
