For a couple months or so I have noticed that failed dovecot logins do not print the offending IP address in /var/log/secure which prevents fail2ban from blocking appropriate ports. All had worked well for several years. Box is 5.7 fully updated.

I found this bug against cyrus-sasl which sounds like it might be related:

https://bugzilla.redhat.com/show_bug.cgi?id=683797

On the box in question,

rpm -q cyrus-sasl

cyrus-sasl-2.1.22-5.el5_4.3

Is anyone else seeing this?

Thanks in advance.

B.J.