diff -Naur dovecot-2.2.31.orig/src/auth/auth-request.c dovecot-2.2.31/src/auth/auth-request.c
--- dovecot-2.2.31.orig/src/auth/auth-request.c 2017-06-26 13:29:36.000000000 +0200
+++ dovecot-2.2.31/src/auth/auth-request.c 2017-08-02 22:33:17.337691170 +0200
@@ -2418,6 +2418,16 @@
 const char *crypted_password,
 const char *scheme, const char *subsystem)
 {
+ return auth_request_password_verify_log(request, plain_password,
+ crypted_password, scheme, subsystem, TRUE);
+}
+
+int auth_request_password_verify_log(struct auth_request *request,
+ const char *plain_password,
+ const char *crypted_password,
+ const char *scheme, const char *subsystem,
+ bool log_password_mismatch)
+{
 const unsigned char *raw_password;
 size_t raw_password_size;
 const char *error;
@@ -2465,7 +2475,8 @@
 "Invalid password%s in passdb: %s",
 password_str, error);
 } else if (ret == 0) {
- auth_request_log_password_mismatch(request, subsystem);
+ if (log_password_mismatch)
+ auth_request_log_password_mismatch(request, subsystem);
 }
 if (ret <= 0 && request->set->debug_passwords) T_BEGIN {
 log_password_failure(request, plain_password,
diff -Naur dovecot-2.2.31.orig/src/auth/auth-request.h dovecot-2.2.31/src/auth/auth-request.h
--- dovecot-2.2.31.orig/src/auth/auth-request.h 2017-06-26 13:29:36.000000000 +0200
+++ dovecot-2.2.31/src/auth/auth-request.h 2017-08-02 22:29:15.674596770 +0200
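Review bot: `auth_request_password_verify_log()` in auth-request.c is added without any comment saying what `log_password_mismatch` controls, and the bare `TRUE` in the wrapper gives the reader no hint either; the prototype added in auth-request.h has the same gap. A short comment above both would do, for example `/* Like auth_request_password_verify(), but a password mismatch (ret == 0) is logged only if log_password_mismatch is TRUE. */`. It is also worth stating there that a caller passing FALSE takes on the job of making sure the failed attempt is logged somewhere else, because failed-login monitoring depends on that line. The function body continues past the end of this hunk.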
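Review bot: The new flag gates only the `auth_request_log_password_mismatch()` call in the `ret == 0` arm; the `debug_passwords` branch directly below still runs on `ret <= 0` whatever `log_password_mismatch` is. If that is intended, say so at the branch, e.g. `/* debug_passwords output is written even when the mismatch line is suppressed */`, so that a caller passing FALSE does not assume the attempt leaves nothing in the log. The nested `if` could also be folded into `} else if (ret == 0 && log_password_mismatch) {`, since nothing else lives in that arm. This hunk starts and ends inside the function, so the rest of the `debug_passwords` block is not visible.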
@@ -238,6 +238,11 @@
 const char *plain_password,
 const char *crypted_password,
 const char *scheme, const char *subsystem);
+int auth_request_password_verify_log(struct auth_request *request,
+ const char *plain_password,
+ const char *crypted_password,
+ const char *scheme, const char *subsystem,
+ bool log_password_mismatch);
 void auth_request_log_debug(struct auth_request *auth_request,
 const char *subsystem,
diff -Naur dovecot-2.2.31.orig/src/auth/passdb-cache.c dovecot-2.2.31/src/auth/passdb-cache.c
--- dovecot-2.2.31.orig/src/auth/passdb-cache.c 2017-06-26 13:29:36.000000000 +0200
+++ dovecot-2.2.31/src/auth/passdb-cache.c 2017-08-02 22:29:53.656139376 +0200
@@ -84,8 +84,9 @@
 scheme = password_get_scheme(&cached_pw);
 i_assert(scheme != NULL);
- ret = auth_request_password_verify(request, password, cached_pw,
- scheme, AUTH_SUBSYS_DB);
+ ret = auth_request_password_verify_log(request, password, cached_pw,
+ scheme, AUTH_SUBSYS_DB,
+ !(node->last_success || neg_expired));
 if (ret == 0 && (node->last_success || neg_expired)) {
 /* a) the last authentication was successful. assume
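Review bot: The expression `node->last_success || neg_expired` now appears twice in passdb-cache.c, negated as the new last argument and again in the `if` on the following line, and the suppression is only safe while the two stay identical. If they drift apart, a mismatch that the cache returns as the final answer would produce no log line, which weakens failed-login monitoring. Compute it once, e.g. `bool retry_passdb = node->last_success || neg_expired;`, then pass `!retry_passdb` and test `ret == 0 && retry_passdb`. The body of that `if` and the start of the function are outside the hunk, so it is presumed rather than shown that this path goes on to the real passdb, which would log its own mismatch.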