[CentOS] saslauth logging

Wed Apr 26 02:15:43 UTC 2017
John R Pierce <pierce at hogranch.com>

On 4/25/2017 7:00 PM, Jobst Schmalenbach wrote:
> Is it possible on to log a bit more detail when auth failure occurs when using saslauthd?
>
>    saslauthd[2119]: do_auth : auth failure: [user=DELETED] [service=smtp] [realm=DELETED] [mech=pam] [reason=PAM auth error]
>
> What I want is the IP address and if possible the incorrect password (just to see how far they are off).
> Is this possible?


what protocol are these users connecting with thats using saslauthd 
?      http or smtp or imap or what?   I'm pretty sure that by the time 
you've gotten down to the SASL layer, saslauthd has no clue what iP 
address the client request originated from, so logging the IP of the 
failed request had best be done at a higher layer.


-- 
john r pierce, recycling bits in santa cruz