I’m using a combination of Dovecot 22.214.171.124 and Postfix 3.3.0 on Ubuntu server 18.04, and have recently (this has probably been going on since day one, which is - way back) been made aware that Dovecot preceeds every login with a line in dovecot-info.log complaining about an unknown user, (where email@example.com is whatever client trying to connect and the IP varies accordingly for obvious reasons):
auth-worker(21760): Info: passwd(firstname.lastname@example.org,126.96.36.199,): unknown user
This, as far as I can tell, is related to another message logged in the debug.log:
auth: Debug: pam(email@example.com,188.8.131.52,): passdb doesn’t support credential lookups
which leads me to the obvious conclusion that there’s at least one lookup in the wrong place or a misconfigured password file. Relevant part of Dovecots configuration file would be (just to be clear; the file /etc/dovecot/passwd does exist and is using CRAMD5)
driver = passwd-file
args = scheme=CRAMD5 /etc/dovecot/passwd
skip = never
result_failure = continue
result_internalfail = continue
result_success = return-ok
auth_verbose = default
Dovecot is accepting valid clients, but this one line in the log file mess things up for Fail2Ban, so I would like to have it sorted if at all possible.
Edit: Strange formatting.