Re: Increase verbosity of logging of saslauth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Sep 11, 2019, at 9:40 PM, Jobst Schmalenbach <jobst@xxxxxxxxxxxxxx> wrote:

I have read somewhere there is a loglevel flag (postfix with ldap and salsauthd) but I do not know how to do this with sendmail and saslauthd.

If it's just sendmail you care about, then set your sendmail log level to 10 or higher.  If you use (and convert via m4), then insert the following:

define(`confLOG_LEVEL', `10')dnl

If you use directly, then:

O LogLevel=10

You can use higher log levels, but 10 is the minimum required to get the SASL auth info.  With level 10, you'll get lines like these in /var/log/maillog:

Sep  8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[]

Correspondingly, you'll see lines like these in /var/log/secure:

Sep  8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep  8 04:23:40 hostname saslauthd[30666]: pam_unix(smtp:auth): check pass; user unknown

If the supplied username actually exists (and failed), you'll instead see something like:

Sep  8 05:50:06 hostname unix_chkpwd[31192]: password check failed for user (someuser)
Sep  8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=someuser

Unfortunately, saslauthd does not properly log the rhost parameter when used by sendmail.  There is a longstanding open bug for this, with a patch that was committed and then rolled back... I don't think this was ever resolved.

Hope this helps.

--- Amir

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux