On Wed, 10 Sep 2014 16:08:31 +0200 Frank Doepper <[email protected]> wrote:
> Unfortunately saslauthd does not log the IP address. Ah. This apparently is a long-standing problem: http://objectmix.com/sendmail/760733-getting-ip-address-failed-authentications.html I believe if you increase the Sendmail log level to higher than 9, it will log lines like this: Sep 10 10:27:46 vanadium sm-mta[2670]: s8AEQtDU002670: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: Password verification failed which unfortunately does NOT include the remote IP. However, later on if the client disconnects, you'll get: Sep 10 10:28:04 vanadium sm-mta[2670]: s8AEQtDU002670: [email protected] [192.168.10.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6 so you have to correlate those lines based on queue-ID to figure out which IP is failing AUTH. All in all, quite painful. And the default log level is 9, so these messages are not usually logged. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
