Hi list.

On 09.06.2013 03:35, LuKreme wrote:
> On 08 Jun 2013, at 04:09 , Bogdan Enache <enachebog...@gmx.com> wrote:
>
>> But how can I also show the username that was tried in the logs? I want
>> to see:
>> 1. Which user keeps entering the wrong password.
>> 2. What user is someone else trying to hijack.
> Are you using courier authlib?
>
> It has a DEBUG_LOGIN setting which will put the login AND password in the
> logs. I believe it will log incorrect password attempts as well.

No, I'm using Dovecot SASL login.

>
>> I have fail2ban installed and working (banning IPs for 1 hour after 10
>> incorrect passwords)
> 10? That seems overly generous.
>
> My fail2ban was set at 1 hour for 3 failed attempts and a day for 10.
>

Unfortunately if I try lowering it from 10 to 3 I will receive like 20 phone calls a day about users that don't know how to check when CAPS LOCK is on or off.

So I guess it's not easily doable using Dovecot SASL, right?

Thanks!