Hi,
I read about this being normal, but as worded in the help article : http://help.directadmin.com/item.php?id=175 it seems there would be one error logged for a valid user.
RE:
I'd consider the following two errors.
It's sort of confusing anyhow since "spook" is listed in /etc/virtual/domain.com/passwd however, not [email protected] -- which I guess makes the two errors applicable?
I'm splitting hairs here I know, but seems keeping this logging -on- could be of value, just would be nice to filter out the noise of the above and still log 'legitimate' errors for cases where the log entries could help.
Boils down to wishing the massive amount of these 'fake' errors wouldn't get logged, but would prefer to not disable any logging that could help solve a problem down the road.. No sort of middle-ground here?
I read about this being normal, but as worded in the help article : http://help.directadmin.com/item.php?id=175 it seems there would be one error logged for a valid user.
RE:
A valid email account of either type will only exists in one of these database, not both, but both are checked to attempt to validate the user. If the email account does not exist in the first one, then the error will show up, even though it exists in the 2nd database. This is normal.
I'd consider the following two errors.
Code:
Apr 17 23:29:03 srv2 dovecot[6308]: auth-worker(7560): shadow([email protected],127.0.0.1): unknown user
Apr 17 23:29:03 srv2 dovecot[6308]: auth-worker(7560): passwd([email protected],127.0.0.1): unknown user
Apr 17 23:32:31 srv2 dovecot[6308]: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=7635, secured, session=<pnq9zEj3jAB/AAAB>
Apr 17 23:32:31 srv2 dovecot[6308]: imap([email protected]): Disconnected: Logged out in=91 out=854
I'm splitting hairs here I know, but seems keeping this logging -on- could be of value, just would be nice to filter out the noise of the above and still log 'legitimate' errors for cases where the log entries could help.
Boils down to wishing the massive amount of these 'fake' errors wouldn't get logged, but would prefer to not disable any logging that could help solve a problem down the road.. No sort of middle-ground here?