But it seems that all the useful information is already shown in the
dovecot log line (unless we want to differentiate SASL vs IMAP auth
failures for some reason).
Eugene
On 17.05.2023 14:06, Wietse Venema via Postfix-users wrote:
Matus UHLAR - fantomas via Postfix-users:
[ Charset
Matus UHLAR - fantomas via Postfix-users:
[ Charset ISO-8859-2 converted... ]
> >On 2023-05-16 at 12:19:03 UTC-0400 (Tue, 16 May 2023 18:19:03 +0200)
> >V?ctor Rubiella Monfort via Postfix-users
> >is rumored to have said:
> >>For example for imap/pop login failures dovecot log email account
>
On 2023-05-16 at 12:19:03 UTC-0400 (Tue, 16 May 2023 18:19:03 +0200)
Víctor Rubiella Monfort via Postfix-users
is rumored to have said:
For example for imap/pop login failures dovecot log email account
that produces the failure.
On 16.05.23 13:57, Bill Cole via Postfix-users wrote:
If you are
On 17/05/23 00:14, mailmary--- via Postfix-users wrote:
I am talking about the authentication email, not MAIL FROM or RCPT TO.
There is no "authentication email". There is a login username which can
be just about anything and in your case likely just happens to match the
user's email
On 2023-05-16 at 12:19:03 UTC-0400 (Tue, 16 May 2023 18:19:03 +0200)
Víctor Rubiella Monfort via Postfix-users
is rumored to have said:
For example for imap/pop login failures dovecot log email account that
produces the failure.
If you are using Dovecot for SASL and have auth_verbose enabled
On Tue, May 16, 2023 at 07:32:55PM +0300, Eugene R via Postfix-users wrote:
> Am I correct that the string in question should normally contain the SASL
> response? While the "Password:" is apparently some interactive prompt,
> indicating that something might be wrong with the connection or
>
Hello,
Am I correct that the string in question should normally contain the
SASL response? While the "Password:" is apparently some interactive
prompt, indicating that something might be wrong with the connection or
configuration?
Eugene
On 16.05.2023 17:06, Wietse Venema via Postfix-users
Hi,
But what about show user login? Currently we have issues when fail2ban
blocks IPS for a high number or failed logins, but is a customer with
several mail accounts and he don't know which bad-configured account is
causing the ban.
Would be so healpfull shows the sasl_username that
mailmary--- via Postfix-users skrev den 2023-05-16 14:14:
so why not report the email, instead of a base64 string?
how usefull is decode of base64 here ?
its what happens next it more usefull to log
https://github.com/PowerDNS/weakforced
___
Wietse Venema via Postfix-users skrev den 2023-05-16 13:52:
That is not the case.
i know my weakforced is not perfekt but i see all detail before reject,
even if postfix dont log it
https://github.com/PowerDNS/weakforced
___
Postfix-users mailing
mailmary--- via Postfix-users skrev den 2023-05-16 11:50:
Isn't the above useless? Should it say something like:
SASL LOGIN authentication failed: failed@email.address
PS:
I know that I can add -v to the smtpd submission process to get
thousands of debug lines and among them is the
mailmary--- via Postfix-users:
>
> In all honesty, the current situation of logging the base64 string
> "UGFzc3dvcmQ6" does not help us.
>
> Maybe we could reconsider, and actually log the data (raw or base64-decoded)?
Absolutely not. As a matter of security principle, one does not
log the
In all honesty, the current situation of logging the base64 string
"UGFzc3dvcmQ6" does not help us.
Maybe we could reconsider, and actually log the data (raw or base64-decoded)?
On Tue, 16 May 2023 09:30:44 -0400 (EDT) Wietse Venema via Postfix-users
wrote:
> mailmary--- via
mailmary--- via Postfix-users:
>
> I am talking about the authentication email, not MAIL FROM or RCPT TO.
>
> hmm, when using the -v parameter, just above the "SASL LOGIN
> authentication failed: UGFzc3dvcmQ6" log entry, I can clearly see
> the email/password
>
> thus postfix knows the email
I am talking about the authentication email, not MAIL FROM or RCPT TO.
hmm, when using the -v parameter, just above the "SASL LOGIN authentication
failed: UGFzc3dvcmQ6" log entry, I can clearly see the email/password
thus postfix knows the email address being authenticated BEFORE the error
mailmary--- via Postfix-users:
>
> Out of curiosity, why does postfix display the base64 encoded "Password:"
> string on failed authentication, instead of the user/email that actually
> failed?
>
> eg:
> warning: unknown[59.2.250.144]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
>
>
16 matches
Mail list logo