Sorry, logs are essential for this business though here they are:
Jun 22 05:37:16 srv dovecot: imap-login: Error: socket(/var/run/dovecot/config) failed: Cannot allocate memory
Jun 22 05:37:16 srv dovecot: imap-login: Error: socket(/var/run/dovecot/config) failed: Cannot allocate memory
Jun 22 05:37:16 srv dovecot: imap-login: Fatal: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Cannot allocate memory
Jun 22 05:37:16 srv dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
Jun 22 05:37:17 srv dovecot: pop3-login: Error: socket(pop3) failed: Cannot allocate memory
Jun 22 05:37:17 srv dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Cannot allocate memory
Jun 22 05:37:17 srv dovecot: pop3-login: Internal login failure (pid=9957 id=1) (internal failure, 1 successful auths): user=<xxx>, method=PLAIN, rip=xxx, lip=xxx, TLS, session=
Jun 22 05:38:06 srv postfix/smtpd[9969]: warning: connect to private/tlsmgr: Cannot allocate memory
Jun 22 05:38:06 srv postfix/smtpd[9969]: warning: problem talking to server private/tlsmgr: Cannot allocate memory
Jun 22 05:38:07 srv postfix/smtpd[9969]: warning: connect to private/tlsmgr: Cannot allocate memory
Jun 22 05:38:07 srv postfix/smtpd[9969]: warning: problem talking to server private/tlsmgr: Cannot allocate memory
Jun 22 05:38:07 srv postfix/smtpd[9969]: warning: no entropy for TLS key generation: disabling TLS support
Jun 22 05:38:07 srv postfix/smtpd[9970]: fatal: inet_addr_local[getifaddrs]: getifaddrs: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: warning: connect to private/anvil: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: warning: problem talking to server private/anvil: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: warning: SASL: Connect to private/auth failed: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: fatal: no SASL authentication mechanisms
Jun 22 05:38:08 srv postfix/master[9349]: warning: process /usr/lib/postfix/smtpd pid 9970 exit status 1
Jun 22 05:38:08 srv postfix/master[9349]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Jun 22 05:38:09 srv postfix/master[9349]: warning: process /usr/lib/postfix/smtpd pid 9969 exit status 1
First login attempt by an authorized user (via outlook 2013)
Jun 22 08:02:31 srv dovecot: auth: Error: PLAIN(xxx,xxxx,<xxx>): Request 10617.1 timed out after 150 secs, state=1
Next try (via outlook 2013)
Jun 22 08:04:02 srv dovecot: auth: Error: PLAIN(xxx,xxxx,<xxx>): Request 10628.1 timed out after 150 secs, state=1
After dovecot / postfix restart, he tries again (via outlook 2013)
imap-login: Disconnected (auth failed, 9 attempts in 109 secs): user=<xxx>, method=PLAIN, rip=xxxx, lip=xxx, TLS: Disconnected, session=<xxx>
Jun 22 10:10:54 srv dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=xxx, lip=xxx, session=<xxx>
But login via webmail / localhost works fine for him
Jun 22 11:17:47 srv dovecot: imap-login: Login: user=xxxx, method=PLAIN, rip=::1, lip=::1, mpid=xxxx, TLS, session=<xxx>
Jun 22 11:17:47 srv dovecot: imap(xxxx): Disconnected: Logged out in=91 out=908
Not webmail / outlook 2013
Jun 22 11:17:51 srv dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=<xxxxx>, method=PLAIN, rip=xxx, lip=xxx, TLS: Disconnected, session=<xxxx>