On 20/06/2023 07:17, Shawn Heisey wrote:
> Hmm. Maybe I am wrong. I grepped my log for inactivity disconnects
> that do not say "auth failed". All of the things it found were for my
> email address, and had a timeout of 1800 seconds, not 180 seconds like
> the ones for the other user that say "auth failed."

https://wiki.dovecot.org/Timeouts

180 seconds is the "CLIENT_LOGIN_TIMEOUT_MSECS", which means the user
has *not* been authenticated yet.

I can reproduce the message you're seeing through a simple IMAP session
like this:

    ~ % telnet <mailserver> 143
    Trying <ip>...
    Connected to <mailserver>.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] <mailserver> ready.
    a1 login foo bar
    a1 NO [AUTHENTICATIONFAILED] Authentication failed.
    [3 minutes later]
    * BYE Disconnected for inactivity.

This produces the following log output:

    imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts in 174 secs): user=<foo>, orig=<foo>, method=PLAIN, proto=imap, rip=[rip], lip=[lip], session=[session_id]

It seems likely that the logs you're seeing are actually sessions with
no successful login. If that weren't the case, you should be able to
find a log line for the successful login if you search your logs for the
IMAP session ID, e.g. something like:

    imap-login: Info: Login: user=<foo>, orig=<foo>, method=PLAIN, proto=imap, rip=[rip], lip=[lip], session=[session_id], secured

Best regards,
Eirik
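
The session-ID check described in the message above, as an added example that is not part of the original e-mail or of Dovecot itself: it pairs each "auth failed" inactivity disconnect with any successful Login line carrying the same session ID. It assumes one log entry per line and session IDs written as `session=<...>`; the sample lines, users, addresses and session IDs are constructed.

```python
import re

# Constructed sample log lines (not from the thread); every user, address
# and session ID below is made up for illustration.
SAMPLE_LOG = """\
Jun 20 07:01:02 mx dovecot: imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, session=<AAAAsess1>, secured
Jun 20 07:04:10 mx dovecot: imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts in 174 secs): user=<foo>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, session=<BBBBsess2>
Jun 20 07:09:44 mx dovecot: imap-login: Info: Disconnected: Inactivity (auth failed, 3 attempts in 180 secs): user=<bar>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1, session=<CCCCsess3>
"""

SESSION_RE = re.compile(r"session=<([^>]+)>")
USER_RE = re.compile(r"user=<([^>]*)>")
FAILED_RE = re.compile(
    r"imap-login: Info: Disconnected: Inactivity "
    r"\(auth failed, (\d+) attempts in (\d+) secs\)"
)
LOGIN_MARK = "imap-login: Info: Login:"


def correlate(log_text):
    """Return one record per 'auth failed' inactivity disconnect, noting
    whether the same session ID ever produced a successful Login line."""
    logged_in, failed = set(), []
    for line in log_text.splitlines():
        sess = SESSION_RE.search(line)
        if not sess:
            continue  # no session ID, nothing to correlate on
        sid = sess.group(1)
        if LOGIN_MARK in line:
            logged_in.add(sid)
            continue
        hit = FAILED_RE.search(line)
        if hit:
            user = USER_RE.search(line)
            failed.append({
                "session": sid,
                "user": user.group(1) if user else "",
                "attempts": int(hit.group(1)),
                "secs": int(hit.group(2)),
            })
    # Resolve after the full pass so line order in the file does not matter.
    for rec in failed:
        rec["had_login"] = rec["session"] in logged_in
    return failed


if __name__ == "__main__":
    for rec in correlate(SAMPLE_LOG):
        print(rec)
```

A record with `had_login` set to `False` is a session that timed out before any successful authentication, which is the case the 180-second timeout points to.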