Many log entries like "auth: static(username,X.X.X.X: Password mismatch

olli1411

Hello everyone,

At the moment I have many log entries like this:

"auth: static(username,X.X.X.X: Password mismatch"
"auth: static(username,X.X.X.X): allow_real_nets check failed: IP X.X.X.X not in allowed networks"

My ban configuration ban this ips for a time, but after this time they come back. Is is a simple “IMAP / Dovecot” Login? For what is the “auth: static” ? Can I disable or optimize something?

Thanks for any help here!

esackbauer

You have to live with that, happens to me also all the time.
Internet is full of scanners, vulnerability checkers etc.
If your passwords complex enough and are not leaked, and you have 2FA enabled it should be no concern.

olli1411

esackbauer Thank you for help!
Okay understand, I have already received 30 emails from netfilter today. With verbose log from dovecot I can see which usernames are used.

What is meant by “auth: static”? And what is meant with allow_real_nets check failed: IP X.X.X.X not in allowed networks"?

olli1411

Any news on this topic? Today I have about 60 requests like this:

"auth: static(username,X.X.X.X: Password mismatch"
"auth: static(username,X.X.X.X): allow_real_nets check failed: IP X.X.X.X not in allowed networks"

What is meant by “auth: static”? And what is meant with allow_real_nets check failed: IP X.X.X.X not in allowed networks"?

esackbauer

If you want to know what in detail that error means, you should consult the dovecot documentation. Its the static auth driver and the one trying is coming from a network which is not “allowed” to use auth.
But its nothing more than somebody trying out passwords.