On Thu, Sep 12, 2019 at 12:04:19AM -0600, Amir Caspi (cepheid@xxxxxxxxxx) wrote: > On Sep 11, 2019, at 9:40 PM, Jobst Schmalenbach <jobst@xxxxxxxxxxxxxx> wrote: > > > If it's just sendmail you care about, then set your sendmail log level to 10 or higher. If you use sendmail.mc (and convert via m4), then insert the following: > O LogLevel=10 > You can use higher log levels, but 10 is the minimum required to get the SASL auth info. With level 10, you'll get lines like these in /var/log/maillog: Thanks for the reply! I have had this set to 14 for a long time due to some MILTERS I have running and I need the read the output of those milters. > > Sep 8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[193.169.255.137] These lines are my problem exactly ... I only sometimes get anything in /var/log/secure Most of the time those lines look like Sep 8 11:42:21 sendmail[32726]: x881gCC5032726: AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: Unable to find a callback: 32775, relay=hosting-by.directwebhost.org [45.227.253.117] (may be forged) but I never see anything in /var/log/secure S my problem is I cannot see the username and/or whether it actually exists. I would like - at the very least - see the names, so I can see whether the person trying is having SOME clue or is far of the planet (just for my own sake). I get some entries like so Aug 26 18:43:47 saslauthd[1291]: do_auth : auth failure: [user=test] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error] but at most of the times I see nothing. It would be helpful to at least see the usernames .... if they are far off I could not care less. But there are literrally hundreds of those "user not found" messages in the maillog without corresponding entires in /var/log/secure. -- Jobst Schmalenbach A computer without Microsoft is like chocolate cake without ketchup!
