On Sep 11, 2019, at 9:40 PM, Jobst Schmalenbach <jo...@barrett.com.au> wrote: > > I have read somewhere there is a loglevel flag (postfix with ldap and > salsauthd) but I do not know how to do this with sendmail and saslauthd.
If it's just sendmail you care about, then set your sendmail log level to 10 or higher. If you use sendmail.mc (and convert via m4), then insert the following: define(`confLOG_LEVEL', `10')dnl If you use sendmail.cf directly, then: O LogLevel=10 You can use higher log levels, but 10 is the minimum required to get the SASL auth info. With level 10, you'll get lines like these in /var/log/maillog: Sep 8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[193.169.255.137] Correspondingly, you'll see lines like these in /var/log/secure: Sep 8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= Sep 8 04:23:40 hostname saslauthd[30666]: pam_unix(smtp:auth): check pass; user unknown If the supplied username actually exists (and failed), you'll instead see something like: Sep 8 05:50:06 hostname unix_chkpwd[31192]: password check failed for user (someuser) Sep 8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=someuser Unfortunately, saslauthd does not properly log the rhost parameter when used by sendmail. There is a longstanding open bug for this, with a patch that was committed and then rolled back... I don't think this was ever resolved. Hope this helps. --- Amir
