On Tue, Apr 25, 2017 at 07:14:56PM -0700, Gordon Messmer (gordon.messmer at gmail.com) wrote: > On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote: > > What I want is the IP address and if possible the incorrect password (just to see how far they are off). > > Is this possible? > > I hope not. That's a terrible idea. Every time a user fat-fingers their > password, your plain-text logs have a copy of their almost-correct password. > As always there are tradeoffs ... I have a reasonable strict password policy, so by looking at the failed passwords I can see how far the tries are off the real thing, so it actually is a good thing for me. Also I learn which passwords are used for cracking, which again is a good thing. As for the logged passwords - this is a non user server, only two people have access ... so reading the logs is difficult for imap/sendmail users in the company ... J -- Gravity does not exist, the Earth sucks. | |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia