A. Schulze:
> Hello,
> we implemented a submission server with SASL authentication. nothing 
> special...
> also we use to grep for "sasl_username=$customer_with_trouble".
> today I noticed, the successful authentication was not logged
> because a sender address was rejected.  Looks like sasl_username
> logging happen only with a valid QueueID which is not available
> in some cases.  I only assume the authentication was successful
> by the final log entry mention "auth=1"
> postfix/submission/smtpd[31338]: connect from foo.example.org[]
> postfix/submission/smtpd[31338]: Anonymous TLS connection established from 
> foo.example.org[]: TLSv1 with cipher $not_important_here
> postfix/submission/smtpd[31338]: NOQUEUE: reject: RCPT from 
> foo.example.org[]: 550 5.1.0 <unknown_sen...@example.org>: Sender 
> address rejected: User unknown; ...
> postfix/submission/smtpd[31338]: disconnect from foo.example.org[] 
> ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7
> would it make sense / be possible to log successful authentication always?

No, that would log it too often in normal sessions. Instead it can
be logged for rejected commands.

    reject: from host[addr] ...; from=<sender>, to=<recip>, proto=SMTP,
    helo=<helo>, sasl_username=<user>


Reply via email to