Hi folks,

I'm new around here. I'm a happy OpenSMTPD user (on FreeBSD), and I
maintain SSHGuard (https://www.sshguard.net/), a program that reads
system logs and adds temporary firewall rules.

Some SSHGuard users want to use SSHGuard with OpenSMTPD. OpenSMTPD 6.6.0
appears to log SMTP sessions:

May 26 00:20:00 mx01 smtpd[9904]: ce7a8154503699d2 smtp connected
address=a.b.c.d host=a.b.c.d

Subsequent things that happen during that session look like:

May 26 00:20:00 mx01 smtpd[9904]: ce7a8154503699d2 smtp failed-command
command="AUTH LOGIN (password)" result="535 Authentication failed"

Chasing changes in syslog output is a part of maintaining software like
SSHGuard. Unfortunately, my parser (which recently learned how to
pledge!) is a bit dull and would require some re-education to remember
SMTP sessions and their associated IP addresses. So, my questions are:

Why did OpenSMTPD stop reporting IP addresses on every line?

Is there any chance that OpenSMTPD can put IP addresses back on every line?


Kevin Zheng
kevinz5...@gmail.com | kev...@berkeley.edu
XMPP: kev...@eecs.berkeley.edu

Reply via email to