since years now we get thousands of such messages each day for "imap-login" and "pop3-login" - the problem is taht logwatch creates for each client-ip and user a own line and if your clients are using mobile devices they are changing their ip multiple times each hour in other words: logwatch is useless for dovecot _____________________ **Unmatched Entries** dovecot: imap-login: proxy(h.reindl): started proxying to 127.0.0.1:143: user=<h.reindl>, method=CRAM-MD5, rip=10.0.0.241, lip=10.0.0.15, TLS: 30 Time(s) dovecot: imap-login: proxy(h.reindl): started proxying to 127.0.0.1:143: user=<h.reindl>, method=PLAIN, rip=10.0.0.241, lip=10.0.0.15, TLS: 177 Time(s)
logwatch-7.4.0-11.20120229svn100.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/logwatch-7.4.0-11.20120229svn100.fc17
wonderful - this looks so much better i rolled out "logwatch-7.4.0-12.20120229svn100.fc16.20120504.rh.noarch" "attempts in X secs" should possibly be a summary counter the one unmatched could be interesting - usually it is a sign that the backend server had a problem and no need to see in logwatch for waht user, this can be better done with grep on the maillog after get the warning in logwatch it made me crazy since 2009 (my first mailserver) get practically the whole dovecot log per mail what is not really a summary and not helpful :-) --------------------- Dovecot Begin ------------------------ Dovecot disconnects: Inactivity (internal failure, 1 succesful auths): 1 Time(s) Inactivity (no auth attempts in 180 secs): 2 Time(s) Inactivity during authentication (client didn't finish SASL auth, waited 178 secs): 1 Time(s) Too many invalid commands (no auth attempts in 0 secs): 1 Time(s) auth failed, 1 attempts in 2 secs: 16 Time(s) auth failed, 1 attempts in 3 secs: 1 Time(s) auth failed, 1 attempts in 5 secs: 1 Time(s) auth failed, 1 attempts in 9 secs: 1 Time(s) client didn't finish SASL auth, waited 0 secs: 3 Time(s) client didn't finish SASL auth, waited 1 secs: 5 Time(s) no auth attempts in 0 secs: 20 Time(s) no auth attempts in 1 secs: 3 Time(s) no auth attempts in 28 secs: 1 Time(s) no auth attempts in 29 secs: 1 Time(s) no auth attempts in 40 secs: 8 Time(s) no auth attempts in 41 secs: 2 Time(s) no auth attempts in 44 secs: 1 Time(s) no auth attempts in 46 secs: 4 Time(s) no auth attempts in 5 secs: 3 Time(s) no auth attempts in 59 secs: 2 Time(s) no auth attempts in 6 secs: 1 Time(s) no auth attempts in 60 secs: 1 Time(s) no auth attempts in 61 secs: 2 Time(s) no auth attempts in 78 secs: 1 Time(s) no auth attempts in 9 secs: 1 Time(s) **Unmatched Entries** dovecot: imap-login: Error: proxy(*****@thelounge.net): connect(127.0.0.1, 143) failed: Connection refused (after 0 secs): 1 Time(s) ---------------------- Dovecot End -------------------------
logwatch-7.4.0-12.20120229svn100.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/logwatch-7.4.0-12.20120229svn100.fc16
Package logwatch-7.4.0-12.20120229svn100.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing logwatch-7.4.0-12.20120229svn100.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-7541/logwatch-7.4.0-12.20120229svn100.fc16 then log in and leave karma (feedback).
Created attachment 585518 [details] imporoved patch can you please replace with the attached patch removed "lip" because even without it is "unique enough" and in dovecot 2.1.6 a new column "session" was added resulting even on 23" screens in lineabreak while "tail -f" so i configured "login_log_format_elements = user=<%u> method=%m rip=%r %c" to get also rid of the local-ip which will never change and spam came back
logwatch-7.4.0-12.20120229svn100.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
logwatch-7.4.0-11.20120229svn100.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
oh no, svn110 remves the dovecot-proxy patch and does not fix the wrong behavior in my comment 5 _____________ logwatch-7.4.0-13.20120619svn110.fc17.noarch dovecot: imap-login: proxy(rhsoft): started proxying to 127.0.0.1:20143: user=<rhsoft>, method=CRAM-MD5, rip=192.168.2.2, TLS: 8 Time(s) this means nearly the complete logfile on prouction servers with mobile-clients