Thomas,

I don't know why what I've asked has made you so mad yet again, but I'm
sorry that this has happened whatever the cause.

I think I'm just asking you to consider changing
     mlog($cli,"warning: SMTP authentication failed on $serIP") if $ConnectionLog;
to
     mlog($cli,"warning: SMTP authentication failed for $this->{userauth}{user} on $serIP") if $ConnectionLog;
Even better would be
     mlog($cli,"warning: SMTP authentication failed for $this->{userauth}{user} from $Con{$cli}->{ip} on $serIP") if $ConnectionLog;

That would let me see in an emailed alert
1) When this happened
2) What IP the attempt was made FROM
3) What username was attempted and
4) to what server they tried to authenticate against (which for me is
always the single server we have)

ASSP already warns of a failed auth, so why not give information in the
warning to make it immediately more useful?

*I am not logging passwords at all in ASSP* and I didn't mean to imply that
I was.

I would rather not log the username at all unless there's an authentication
failure, but ASSP doesn't seem to provide that option.  It would be useful
to be able to have the failed username in the warning message that ASSP so
nicely already provides.

The vast majority of our users send through Exchange server accounts with
ASSP as a relay, so no auth info is in the ASSP logs for that.  It's rare
for anyone to authenticate against ASSP, but if there are attempts that
fail, I want to know about them.  The reason is twofold:
1) The more information we have trying to stop malicious actors the better.
2) There are various monitoring services that I use to try to keep this
single person IT department afloat.  Some of those services send their
alerts through ASSP, authenticating.  If auth is failing for them, I want
to know.  Having
 Dec-07-19 19:41:11 a.b.c.d warning: SMTP authentication failed *for frontdooral...@ourcharity.org* on w.x.y.z
would be helpful so I could quickly be alerted if the monitor itself is
failing to notify.





On Sun, Dec 8, 2019 at 7:42 AM Doug Lytle <supp...@drdos.info> wrote:

> On 12/8/19 7:11 AM, Thomas Eckardt wrote:
> > Is there anyone else, who needs permanently to show authentication
> > information multiple times in unsecured plain text?
>
> At a previous employer and currently on my home mail server, I generate
> Authentication Failure reports daily.  And like Mr. Post, I am using
> $main::AUTHLogUser = 1; as a driver for those reports.
>
> I don't necessarily need username logged though, but I wouldn't complain.
>
> This gives me and my previous employer visibility as to what type of
> passwords that the current generation of bots are using and to be
> proactive on changing passwords of end users if things are getting a bit
> too close to real passwords (Case was incorrect or there was a number
> missing, etc).
>
> My previous employer made the statement that, we wouldn't be in the IT
> position if we couldn't be trusted with sensitive information.
>
> Doug
>
>
>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
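
As an added example (not part of the original message and not ASSP code): a short Python script that reads the warning line in the format proposed in the message above, flags failures for known monitoring accounts, and counts failures per source IP. The line layout is taken from the sample line in the message; the account name, threshold and sample lines are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Pattern follows the sample line in the message; the optional "from <ip>"
# covers the second proposed wording. Real ASSP log lines may carry extra
# fields, so treat this layout as an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<client>\S+) "
    r"warning: SMTP authentication failed for (?P<user>\S+)"
    r"(?: from (?P<src>\S+))? on (?P<server>\S+)$"
)

def parse_failure(line):
    """Return a dict for an auth-failure warning that names a user, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b-%d-%y %H:%M:%S")
    rec["src"] = rec["src"] or rec["client"]  # fall back to the logged client IP
    return rec

def triage(lines, monitor_accounts, threshold=3):
    """Separate monitoring-account failures from repeated failures per source IP."""
    monitor_hits, per_src = [], Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec is None:
            continue
        if rec["user"].lower() in monitor_accounts:
            monitor_hits.append(rec)   # a monitor that cannot send its alerts
        else:
            per_src[rec["src"]] += 1   # candidate guessing attempts
    noisy = {ip: n for ip, n in per_src.items() if n >= threshold}
    return monitor_hits, noisy

# Constructed sample lines (documentation IP ranges, made-up account names).
OLD_STYLE = "Dec-07-19 19:40:00 198.51.100.7 warning: SMTP authentication failed on 192.0.2.25"
SAMPLE = [
    OLD_STYLE,  # current wording: no user, so nothing to attribute
    "Dec-07-19 19:41:11 203.0.113.9 warning: SMTP authentication failed for monitor@example.org on 192.0.2.25",
    "Dec-07-19 19:42:02 198.51.100.7 warning: SMTP authentication failed for admin from 198.51.100.7 on 192.0.2.25",
    "Dec-07-19 19:42:05 198.51.100.7 warning: SMTP authentication failed for info from 198.51.100.7 on 192.0.2.25",
    "Dec-07-19 19:42:09 198.51.100.7 warning: SMTP authentication failed for sales from 198.51.100.7 on 192.0.2.25",
]

if __name__ == "__main__":
    hits, noisy = triage(SAMPLE, {"monitor@example.org"})
    for rec in hits:
        print(f"monitor auth failing: {rec['user']} from {rec['src']} at {rec['ts']}")
    for ip, n in noisy.items():
        print(f"{n} failed logins from {ip}")
```
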