[CentOS] saslauth logging

Wed Apr 26 05:27:42 UTC 2017
Jobst Schmalenbach <jobst at barrett.com.au>

On Tue, Apr 25, 2017 at 07:14:56PM -0700, Gordon Messmer (gordon.messmer at gmail.com) wrote:
> On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote:
> > What I want is the IP address and if possible the incorrect password (just to see how far they are off).
> > Is this possible?
> I hope not.  That's a terrible idea.  Every time a user fat-fingers their
> password, your plain-text logs have a copy of their almost-correct password.

As always there are tradeoffs ... 
I have a reasonable strict password policy, so by looking at the failed passwords I can see how far the tries are off the real thing, so it actually is a good thing for me. Also I learn which passwords are used for cracking, which again is a good thing. As for the logged passwords - this is a non user server, only two people have access ... so reading the logs is difficult for imap/sendmail users in the company ...


Gravity does not exist, the Earth sucks.

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia