First let me state that the mail server is working fine and users can connect and send email.
Basically there is a local web script connecting into the mail server trying to send mail every few minutes. It has the wrong password. Problem is we don't know what script is connecting in so we are looking for a way to get the username which is being tried.
UGFzc3dvcmQ6 – decodes to Password: so isn't much help. A full log line is below.
Dec 11 20:15:37 HOST postfix/smtpd[642]: warning: HOST[x.x.x.x]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Server is running Debian/Postfix/Dovecot.
Best Answer
We were able to trace the username by using Dovecot itself.
In the
/etc/dovecot/conf.d/10-logging.conf
config we enabled verbose auth logging usingThis put the information in