I have been working on setting up my own mail server, using postfix, dovecot etc.
While running dovecot with certain debug/verbose flags there is a message in my maillog that isn’t really an error (“unknown user - trying the next userdb”). This occurs every time Evolution is retrieving emails. That’s fine, and it’s not Evolution’s fault.
However, what is concerning is this: A strange IP address associated with my username in the maillog:
Apr 1 14:58:53 dbdemon dovecot[22317]: auth-worker(22324): conn unix:auth-worker (uid=143): auth-worker<1>: passwd(********@dbdemon.com,***.***.***.***,<PSpbOgoViMtSBsYa>): unknown user - trying the next userdb
Apr 1 14:58:53 dbdemon dovecot[22317]: imap-login: Login: user=<********@dbdemon.com>, method=PLAIN, rip=***.***.***.***, lip=78.141.197.193, mpid=22323, TLS, session=<PSpbOgoViMtSBsYa>
Apr 1 15:04:31 dbdemon dovecot[22317]: auth-worker(22355): conn unix:auth-worker (uid=143): auth-worker<1>: passwd(********@dbdemon.com,3.90.102.151,<l9qCTgoVE1cDWmaX>): unknown user - trying the next userdb
Apr 1 15:04:31 dbdemon dovecot[22317]: imap-login: Login: user=<********@dbdemon.com>, method=PLAIN, rip=3.90.102.151, lip=78.141.197.193, mpid=22354, TLS, session=<l9qCTgoVE1cDWmaX>
(^^ my username and my own IP address are obfuscated.)
3.90.102.151 is not my IP address. It is not an IP address I recognise at all.
It seems that every other time Evolution retrieves, another such entry appears in the maillog with yet another IP address that I don’t recognise.
This is a new mail server and nobody else knows about my username on this mail server.
Is Evolution sending my credentials to some third-party? That does not seem like a great idea.
Best wishes,
dbdemon
PS: Evolution version is 3.50.4 (3.50.4-1.fc39)