as far as i understand postfix has no way to know the username of such failed logins like below, IMHO dovecot internally does because it verifies against the sql-userdatabase
is there a way that dovecot logs the username? after ask the users to change their passwords for safety caused by Heartbleed it was easy to write a tool find forgotten devices in case of IMAP/POP3 but especially Apple clients force to enter the new password seperated for incoming and outgoing server and don't tell the user if things don't work so there is really a need support them and fuzzy logic based on the last successful IMAP/POP3 login from a IP and failed send attempts from the same IP shortly after receive mail leaves a bad taste of only a guess May 18 11:19:09 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 18 11:19:15 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
signature.asc
Description: OpenPGP digital signature
