> in case of SASL postfix is talking via a unix socket so there is no > connection IP dovecot knows about
I don't not where Dovecot get the client IP from, but having auth socket in place, below is a redacted extract from my logs. As you can see Dovecot does know the client's IP. Dovecot config: auth_verbose = yes auth_debug = no # Dovecot log after submission/smtpd AUTH successful <nothing> # Dovecot log after submission/smtpd AUTH failure ... auth: Info: passwd-file(j...@example.com,46.z.z.z): Password mismatch Dovecot config: auth_verbose = yes auth_debug = yes # Dovecot log after submission/smtpd AUTH successful ... auth: Debug: client in: AUTH 1 PLAIN service=smtp nologin lip=212.x.x.x rip=46.z.z.z secured resp=<hidden> ... auth: Debug: passwd-file(j...@example.com,46.z.z.z): lookup: user=j...@example.com file=/etc/dovecot/virtual_users ... auth: Debug: client passdb out: OK 1 user=j...@example.com # Dovecot log after submission/smtpd AUTH failure ... auth: Debug: client in: AUTH 2 PLAIN service=smtp nologin lip=212.x.x.x rip=46.z.z.z secured resp=<hidden> ... auth: Info: plain(?,46.z.z.z): invalid input ... auth: Debug: client passdb out: FAIL 2 And regardless of Docecot config, postfix always logs the same stuff # Postfix log after submission/smtpd AUTH successful (QUIT after AUTH without sending RCPT TO) ... postfix/smtpd[5678]: connect from host.client.foo.tld[46.z.z.z] ... postfix/smtpd[5678]: disconnect from host.client.foo.tld[46.z.z.z] # Postfix log after submission/smtpd AUTH failure ... postfix/smtpd[1234]: connect from host.client.foo.tld[46.z.z.z] ... postfix/smtpd[1234]: warning: host.client.foo.tld[46.z.z.z]: SASL PLAIN authentication failed: ... postfix/smtpd[1234]: disconnect from host.client.foo.tld[46.z.z.z]
