On Sep 12, 2019, at 1:44 AM, Jobst Schmalenbach <jo...@barrett.com.au> wrote: > > Most of the time those lines look like > > Sep 8 11:42:21 sendmail[32726]: x881gCC5032726: AUTH failure (CRAM-MD5): > user not found (-20) SASL(-13): user not found: Unable to find a callback: > 32775, relay=hosting-by.directwebhost.org > <http://hosting-by.directwebhost.org/> [45.227.253.117] (may be forged) > > but I never see anything in /var/log/secure
I may be wrong, but I believe that's because the CRAM-MD5 auth mechanism requires sasldb (at least according to the googling I just did). The "unable to find a callback" portion of the error suggests that this auth mechanism isn't configured properly so saslauthd isn't actually doing anything, hence not logging (though I may well be wrong -- I don't use MD5 logins). Do you require this auth mechanism enabled? If not, you should consider just using PLAIN and LOGIN, making sure that TLS is enabled and required. If you do require CRAM-MD5, then hopefully someone else can help... Cheers. --- Amir
