remote client ip
razor at meganet.net
Mon May 24 12:31:03 EDT 2010
Hi, I am using saslauthd 2.1.19 (cyrus-sasl-2.1.19-14) and recently I have been
hit with a lot of dictionary attacks using SASL authentication.
While looking at this issue I noticed that the SASL logs
(/var/log/messages) are not logging the remote IP of the failed attempts.

[root at mrelay3 deferred]# tail -f /var/log/messages
May 24 11:17:33 mrelay3 smtp(pam_unix): check pass; user unknown
May 24 11:17:33 mrelay3 smtp(pam_unix): authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=
May 24 11:17:35 mrelay3 saslauthd: do_auth : auth failure:
[user=freedo] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error

What can I do to have the remote IP show up in the logs? I have looked in
this list's archives and searched Google but found nothing. If this is not
possible for some reason, what is the best/recommended way of getting the
remote IP info? Also, are there any options built into Cyrus SASL that can
minimize dictionary attacks?
Thanks very much, Paul