>
> fixed in assp 2.6.4 *SPAM-Evaporator* build 19350:
> ...
> - minor logging changes related to 'AUTHLogUser' and 'AUTHLogPWD'
>
THANK YOU

On Sun, Dec 8, 2019 at 10:35 AM K Post <nntp.p...@gmail.com> wrote:

> Thomas,
>
> I don't know why what I've asked has made you so mad yet again, but I'm
> sorry that this has happened whatever the cause.
>
> I think I'm just asking you to consider changing
>      mlog($cli,"warning: SMTP authentication failed on $serIP") if $ConnectionLog;
> to
>      mlog($cli,"warning: SMTP authentication failed for $this->{userauth}{user} on $serIP") if $ConnectionLog;
> Even better would be
>      mlog($cli,"warning: SMTP authentication failed for $this->{userauth}{user} from $Con{$cli}->{ip} on $serIP") if $ConnectionLog;
>
> That would let me see in an emailed alert
> 1) When this happened
> 2) What IP the attempt was made FROM
> 3) What username was attempted and
> 4) to what server they tried to authenticate against (which for me is
> always the single server we have)
>
> ASSP already warns of a failed auth, so why not give information in the
> warning to make it immediately more useful?
>
> *I am not logging passwords at all in ASSP* and I didn't mean to imply
> that I was.
>
> I would rather not log the username at all unless there's an
> authentication failure, but ASSP doesn't seem to provide that option.  It
> would be useful to be able to have the failed username in the warning
> message that ASSP so nicely already provides.
>
> The vast majority of our users send through an Exchange server accounts
> with ASSP as a relay, so no auth info is in the ASSP logs for that.  It's
> rare for anyone to authenticate against ASSP, but if there are attempts
> that fail, I want to know about them.  The reason is twofold:
> 1) The more information we have trying to stop malicious actors the better.
> 2) There are various monitoring services that I use to try to keep this
> single person IT department afloat.  Some of those services send their
> alerts through ASSP, authenticating.  If auth is failing for them, I want
> to know.  Having
>  Dec-07-19 19:41:11 a.b.c.d warning: SMTP authentication failed
> *for frontdooral...@ourcharity.org* on w.x.y.z
> would be helpful so I could quickly be alerted if the monitor itself is
> failing to notify.
>
>
>
>
>
> On Sun, Dec 8, 2019 at 7:42 AM Doug Lytle <supp...@drdos.info> wrote:
>
>> On 12/8/19 7:11 AM, Thomas Eckardt wrote:
>> > Is there anyone else, who needs permanently to show authentication
>> > information multiple times in unsecured plain text?
>>
>> At a previous employer and currently on my home mail server, I generate
>> Authentication Failure reports daily.  And like Mr. Post, I am using
>> $main::AUTHLogUser = 1; as a driver for those reports.
>>
>> I don't necessarily need username logged though, but I wouldn't complain.
>>
>> This gives me and my previous employer visibility as to what type of
>> passwords that the current generation of bots are using and to be
>> proactive on changing passwords of end users if things are getting a bit
>> too close to real passwords (Case was incorrect or there was a number
>> missing, etc).
>>
>> My previous employer made the statement that, we wouldn't be in the IT
>> position if we couldn't be trusted with sensitive information.
>>
>> Doug
>>
>>
>>
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>
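An added example, not part of the thread or of ASSP's code: a small log triage script for the use case K Post describes, flagging failed SMTP authentications for monitored accounts and client IPs with repeated failures. It assumes the line layout of the sample line quoted in the thread, which the thread does not confirm as ASSP's final output; the addresses, account names and threshold are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed layout, modelled on the sample line quoted in the thread:
#   <Mon-DD-YY HH:MM:SS> <client-ip> warning: SMTP authentication failed [for <user>] [from <ip>] on <server-ip>
FAILED_AUTH = re.compile(
    r"^(?P<ts>\w{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<client>\S+) warning: SMTP authentication failed"
    r"(?: for (?P<user>.+?))?(?: from (?P<src>\S+))? on (?P<server>\S+)\s*$"
)

# Constructed sample lines (documentation IP ranges, hypothetical accounts).
SAMPLE_LOG = """\
Dec-07-19 19:41:11 192.0.2.10 warning: SMTP authentication failed for monitor@example.org on 198.51.100.5
Dec-07-19 19:41:15 203.0.113.7 warning: SMTP authentication failed for admin from 203.0.113.7 on 198.51.100.5
Dec-07-19 19:41:16 203.0.113.7 warning: SMTP authentication failed for info from 203.0.113.7 on 198.51.100.5
Dec-07-19 19:41:17 203.0.113.7 warning: SMTP authentication failed on 198.51.100.5
Dec-07-19 19:42:00 192.0.2.10 info: connection closed
"""

def parse_failures(text):
    """Return one dict per failed-auth warning; other log lines are skipped."""
    failures = []
    for line in text.splitlines():
        m = FAILED_AUTH.match(line)
        if not m:
            continue
        failures.append({
            "when": datetime.strptime(m["ts"], "%b-%d-%y %H:%M:%S"),
            "client": m["src"] or m["client"],  # explicit "from" wins over the line prefix
            "user": m["user"],  # client-supplied and untrusted; None if the line has no user
            "server": m["server"],
        })
    return failures

def triage(failures, monitored_users, threshold=3):
    """Split failures into monitored-account alerts and noisy client IPs."""
    service_alerts = [f for f in failures if f["user"] in monitored_users]
    per_client = Counter(f["client"] for f in failures)
    noisy = {ip: n for ip, n in per_client.items() if n >= threshold}
    return service_alerts, noisy

if __name__ == "__main__":
    alerts, noisy = triage(parse_failures(SAMPLE_LOG), {"monitor@example.org"})
    for f in alerts:
        print(f"{f['when']:%Y-%m-%d %H:%M:%S} monitored account {f['user']!r} failed auth from {f['client']}")
    for ip, n in noisy.items():
        print(f"{ip}: {n} failed authentications")
```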