we implemented a submission server with SASL authentication. nothing special...
also we use to grep for "sasl_username=$customer_with_trouble".

today I noticed, the successful authentication was not logged because a sender 
address was rejected.
Looks like sasl_username logging happen only with a valid QueueID which is not 
available in some cases.
I only assume the authentication was successful by the final log entry mention 

postfix/submission/smtpd[31338]: connect from foo.example.org[]
postfix/submission/smtpd[31338]: Anonymous TLS connection established from 
foo.example.org[]: TLSv1 with cipher $not_important_here
postfix/submission/smtpd[31338]: NOQUEUE: reject: RCPT from 
foo.example.org[]: 550 5.1.0 <unknown_sen...@example.org>: Sender 
address rejected: User unknown; ...
postfix/submission/smtpd[31338]: disconnect from foo.example.org[] 
ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7

would it make sense / be possible to log successful authentication always?


Reply via email to