[BlueOnyx:16779] Dovecot security

[Robert Fitzpatrick]

I have a customer that starts receiving 'auth failed' when checking any 
mailboxes from their office location, I have verified all logins are 
correct using Webmail. I found an error in our maillog related to one 
specific user receiving the following error.....

Dec 31 09:24:09 www1 dovecot: imap-login: Disconnected: Too many invalid 
command
s (auth failed, 1 attempts in 6 secs): user=...

All other accounts in the same office are using POP3, I see this user 
connecting with another IP and we tracked them down to the error coming 
from the users cell phone using IMAP as shown above. When the user left 
the office this morning, taking his phone with him, the others were able 
to send and receive without error. When he came back, it all started 
again. I have added the office IP address to /etc/hosts.allow, but that 
doesn't seem to prevent Dovecot from giving the auth failed errors when 
this situation is at hand. The trouble user removed the email account 
from his phone until his IT make sure it is not throwing errors and I've 
confirmed the errors stopped in the login, but Dovecot still relaying 
auth failed errors to all users.

So, is there is something with Dovecot security throwing 'auth failed' 
errors when this type of activity? My guess is that the users will begin 
to work shortly as they did before now that the errors above have 
stopped, but is there a way to have Dovecot reset this security feature 
that seems to be causing the issue? Or am I seeing something else? I 
tried restarting Dovecot...

-- 
Robert