On 4/25/2017 7:00 PM, Jobst Schmalenbach wrote: > Is it possible on to log a bit more detail when auth failure occurs when using saslauthd? > > saslauthd[2119]: do_auth : auth failure: [user=DELETED] [service=smtp] [realm=DELETED] [mech=pam] [reason=PAM auth error] > > What I want is the IP address and if possible the incorrect password (just to see how far they are off). > Is this possible? what protocol are these users connecting with thats using saslauthd ? http or smtp or imap or what? I'm pretty sure that by the time you've gotten down to the SASL layer, saslauthd has no clue what iP address the client request originated from, so logging the IP of the failed request had best be done at a higher layer. -- john r pierce, recycling bits in santa cruz