Re: [CentOS] saslauth logging

2017-04-26 Thread John Hodrien
On Wed, 26 Apr 2017, Jobst Schmalenbach wrote: On Tue, Apr 25, 2017 at 07:14:56PM -0700, Gordon Messmer (gordon.mess...@gmail.com) wrote: On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote: What I want is the IP address and if possible the incorrect password (just to see how far they are off).

Re: [CentOS] saslauth logging

2017-04-26 Thread John R Pierce
On 4/25/2017 10:19 PM, Jobst Schmalenbach wrote: Good answer, makes sense. As for the higher layer used - can be either sendmail or imaps as both use the saslauth. Just need to find a way to "connect" the sasl request to the caller that issued the sasl request ... doesn't sendmail and your

Re: [CentOS] saslauth logging

2017-04-25 Thread Jobst Schmalenbach
On Tue, Apr 25, 2017 at 07:14:56PM -0700, Gordon Messmer (gordon.mess...@gmail.com) wrote: > On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote: > > What I want is the IP address and if possible the incorrect password (just > > to see how far they are off). > > Is this possible? > > I hope not.

Re: [CentOS] saslauth logging

2017-04-25 Thread Jobst Schmalenbach
On Tue, Apr 25, 2017 at 07:15:43PM -0700, John R Pierce (pie...@hogranch.com) wrote: > On 4/25/2017 7:00 PM, Jobst Schmalenbach wrote: > > snip > > client request originated from, so logging the IP of the failed request had > best be done at a higher layer. Good answer, makes sense. As for the

Re: [CentOS] saslauth logging

2017-04-25 Thread John R Pierce
On 4/25/2017 7:00 PM, Jobst Schmalenbach wrote: Is it possible on to log a bit more detail when auth failure occurs when using saslauthd? saslauthd[2119]: do_auth : auth failure: [user=DELETED] [service=smtp] [realm=DELETED] [mech=pam] [reason=PAM auth error] What I want is the IP address

Re: [CentOS] saslauth logging

2017-04-25 Thread Gordon Messmer
On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote: What I want is the IP address and if possible the incorrect password (just to see how far they are off). Is this possible? I hope not. That's a terrible idea. Every time a user fat-fingers their password, your plain-text logs have a copy

[CentOS] saslauth logging

2017-04-25 Thread Jobst Schmalenbach
Hi Not sure whether this is the correct list to ask ... if it's not please direct me to the correct one. Is it possible on to log a bit more detail when auth failure occurs when using saslauthd? saslauthd[2119]: do_auth : auth failure: [user=DELETED] [service=smtp] [realm=DELETED]