On Sep 11, 2019, at 9:40 PM, Jobst Schmalenbach <jobst@xxxxxxxxxxxxxx> wrote:
If it's just sendmail you care about, then set your sendmail log level to 10 or higher. If you use sendmail.mc (and convert via m4), then insert the following: define(`confLOG_LEVEL', `10')dnl If you use sendmail.cf directly, then: O LogLevel=10 You can use higher log levels, but 10 is the minimum required to get the SASL auth info. With level 10, you'll get lines like these in /var/log/maillog: Sep 8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[193.169.255.137] Correspondingly, you'll see lines like these in /var/log/secure: Sep 8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= Sep 8 04:23:40 hostname saslauthd[30666]: pam_unix(smtp:auth): check pass; user unknown If the supplied username actually exists (and failed), you'll instead see something like: Sep 8 05:50:06 hostname unix_chkpwd[31192]: password check failed for user (someuser) Sep 8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=someuser Unfortunately, saslauthd does not properly log the rhost parameter when used by sendmail. There is a longstanding open bug for this, with a patch that was committed and then rolled back... I don't think this was ever resolved. Hope this helps. --- Amir |
