Hi
CentOS 7.X, sendmail.x86_64 8.14.7-5.el7, cyrus-sasl.x86_64 2.1.26-23.el7
There are conflicting message on how to increase the logging of saslauthd.
I know I can do this: /usr/sbin/saslauthd -d -n0 -m /var/run/saslauthd -a pam
but that requires a terminal as saslauthd logs the output to STDOUT, this is not what I want.
I would like to have it started as a daemon and verbosity of logging increased into a log file.
How can I increase the verbosity of logging for saslauthd?
thanks
On Wednesday, 11 September 2019 05:34:27 CEST Jobst Schmalenbach wrote:
Hi
CentOS 7.X, sendmail.x86_64 8.14.7-5.el7, cyrus-sasl.x86_64 2.1.26-23.el7
There are conflicting message on how to increase the logging of saslauthd.
I know I can do this: /usr/sbin/saslauthd -d -n0 -m /var/run/saslauthd -a pam
but that requires a terminal as saslauthd logs the output to STDOUT, this is not what I want.
I would like to have it started as a daemon and verbosity of logging increased into a log file.
How can I increase the verbosity of logging for saslauthd?
Using above command, can't you just redirect STDOUT into a log file?
On Wed, Sep 11, 2019 at 01:34:27PM +1000, Jobst Schmalenbach wrote:
CentOS 7.X, sendmail.x86_64 8.14.7-5.el7, cyrus-sasl.x86_64 2.1.26-23.el7
There are conflicting message on how to increase the logging of saslauthd.
I know I can do this: /usr/sbin/saslauthd -d -n0 -m /var/run/saslauthd -a pam
but that requires a terminal as saslauthd logs the output to STDOUT, this is not what I want.
I would like to have it started as a daemon and verbosity of logging increased into a log file.
How can I increase the verbosity of logging for saslauthd?
If you look at the systemd unit for saslauthd, you can see this:
[Unit] Description=SASL authentication daemon. After=syslog.target
[Service] Type=forking PIDFile=/run/saslauthd/saslauthd.pid EnvironmentFile=/etc/sysconfig/saslauthd ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS RuntimeDirectory=saslauthd
[Install] WantedBy=multi-user.target
So all you have to do is edit /etc/sysconfig/saslauthd and put the additional flags in the $FLAGS definition (which is empty by default).
Then the output of the saslauthd will be sent to stdout, which is captured by the journal. You can watch the journal for the saslauthd service unit by running:
journalctl -xfl -u saslauthd.service
On Wed, Sep 11, 2019 at 09:43:32AM -0400, Jonathan Billings (billings@negate.org) wrote:
On Wed, Sep 11, 2019 at 01:34:27PM +1000, Jobst Schmalenbach wrote:
CentOS 7.X, sendmail.x86_64 8.14.7-5.el7, cyrus-sasl.x86_64 2.1.26-23.el7
If you look at the systemd unit for saslauthd, you can see this:
[Unit] Description=SASL authentication daemon. After=syslog.target
[Install] WantedBy=multi-user.target
I have tried that as well before I asked for help, however systemd refuses to accept this as the "-d" keeps saslauthd in foreground. Systemd kills the process after a minute as systemd cannot see that required PID's.
I can also see that saslauth logs when started normally, the logging is just NOT enough. I want to increase the verbosity so I can see what is going on.
For example it does not seem to log the failed username.
thanks anyway.
On Sep 11, 2019, at 7:34 PM, Jobst Schmalenbach jobst@barrett.com.au wrote:
I have tried that as well before I asked for help, however systemd refuses to accept this as the "-d" keeps saslauthd in foreground. Systemd kills the process after a minute as systemd cannot see that required PID's.
You’ll need to also create an /etc/systemd/systemd/saslauthd.service.d/override.conf that has:
[Service] Type=simple
(`systemctl edit saslauthd.service` should do this for you)
This shouldmake systemd leave saslauthd alone rather than waiting for it to fork.
-- Jonathan Billings billings@negate.org
On Wed, Sep 11, 2019 at 08:36:47PM -0400, Jonathan Billings (billings@negate.org) wrote:
On Sep 11, 2019, at 7:34 PM, Jobst Schmalenbach jobst@barrett.com.au wrote:
I have tried that as well before I asked for help, however systemd refuses to accept this as the "-d" keeps saslauthd in foreground. Systemd kills the process after a minute as systemd cannot see that required PID's.
You???ll need to also create an /etc/systemd/systemd/saslauthd.service.d/override.conf that has:
[Service] Type=simple This shouldmake systemd leave saslauthd alone rather than waiting for it to fork.
Good idea and it does, thanks!
Logging still isn't enough, though. Like it seems debugging some incorrect usernames still is a search in the bloody dark.
Just found a mailing list of cyrau sasl, just subscribed to it. Sending an email to the list aafter this.
-
hw -
Jobst Schmalenbach -
Jonathan Billings