<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div>On Sep 11, 2019, at 9:40 PM, Jobst Schmalenbach &lt;<a href="mailto:jobst@barrett.com.au" class="">jobst@barrett.com.au</a>&gt; wrote:<br class=""><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">I have read somewhere there is a loglevel flag (postfix with ldap and saslauthd) but I do not know how to do this with sendmail and saslauthd.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""></div></blockquote></div><br class=""><div class="">If it's just sendmail you care about, then set your sendmail log level to 10 or higher.
If you use sendmail.mc (and convert via m4), then insert the following:<div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">define(`confLOG</span><span style="font-variant-ligatures: no-common-ligatures;" class="">_LEVEL', `10')dnl</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><br class=""></span></div><div class="">If you use sendmail.cf directly, then:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">O Log</span><span style="font-variant-ligatures: no-common-ligatures;" class="">Level=10</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><br class=""></span></div><div class="">You can use higher log levels, but 10 is the minimum required to get the SASL auth info. 
With level 10, you'll get lines like these in /var/log/maillog:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">Sep 8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) </span><span style="font-variant-ligatures: no-common-ligatures; color: rgb(180, 36, 25);" class="">SASL</span><span style="font-variant-ligatures: no-common-ligatures;" class="">(-13): authentication failure: checkpass failed, r</span>elay=[193.169.255.137]</div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><br class=""></span></div><div class="">Correspondingly, you'll see lines like these in /var/log/secure:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">Sep 8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">Sep 8 04:23:40 hostname saslauthd[30666]: pam_unix(smtp:auth): check pass; user unknown</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><br class=""></span></div><div class="">If the supplied username actually exists (and failed), you'll instead see something like:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">Sep 8 05:50:06 
hostname unix_chkpwd[31192]: password check failed for user (someuser)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class="">Sep 8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=someuser</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><br class=""></span></div><div class="">Unfortunately, saslauthd does not properly log the rhost parameter when used by sendmail. There is a longstanding open bug for this, with a patch that was committed and then rolled back... I don't think this was ever resolved.</div><div class=""><br class=""></div><div class="">Hope this helps.</div><div class=""><br class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">--- Amir</div></div></div></div></div></div></div></div></div><div><br class=""><blockquote type="cite" class=""></blockquote></div></div></div></div></body></html>
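
Added example, not part of the message above and not code from sendmail or saslauthd: because saslauthd logs an empty rhost=, this Python script pairs each saslauthd failure in /var/log/secure with the sendmail AUTH failure in /var/log/maillog that follows it, and refuses to attribute when more than one relay is a candidate. Assumptions: lines follow the formats quoted above, the sendmail line trails the saslauthd line by at most 5 seconds, the year is supplied by the caller, and the sample IPs and queue IDs are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the two formats quoted above (documentation IPs).
MAILLOG = """\
Sep  8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[192.0.2.10]
Sep  8 05:50:08 hostname sendmail[31190]: x889o6Qx031190: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.7]
Sep  8 05:50:09 hostname sendmail[31195]: x889o7Qx031195: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[192.0.2.10]
"""
SECURE = """\
Sep  8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep  8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=someuser
"""
TS = r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d)\s+\S+\s+"  # syslog stamp has no year
MAIL_RE = re.compile(TS + r"sendmail\[\d+\]: \w+: AUTH failure \(([^)]+)\):.*relay=(?:\S+ )?\[([^\]]+)\]")
PAM_RE = re.compile(TS + r"saslauthd\[\d+\]: pam_unix\(smtp:auth\): authentication failure;(.*)$")

def _ts(m, year):
    return datetime.strptime(f"{year} {m[1]} {m[2]} {m[3]}", "%Y %b %d %H:%M:%S")

def parse_maillog(text, year=2019):
    """Return [(time, mechanism, relay_ip)] for sendmail AUTH failure lines."""
    return [(_ts(m, year), m[4], m[5]) for m in map(MAIL_RE.match, text.splitlines()) if m]

def parse_secure(text, year=2019):
    """Return [(time, user_or_None)]; user= is absent when the account is unknown."""
    out = []
    for m in map(PAM_RE.match, text.splitlines()):
        if m:
            u = re.search(r"\buser=(\S+)", m[4])  # \b skips the empty ruser= field
            out.append((_ts(m, year), u[1] if u else None))
    return out

def correlate(mail, pam, window=5):
    """Attribute each saslauthd failure to the single relay failing within `window` s after it."""
    by_relay = defaultdict(lambda: {"failures": 0, "users": set()})
    for _, _, relay in mail:
        by_relay[relay]["failures"] += 1
    ambiguous = []
    for t, user in pam:
        relays = {r for ts, _, r in mail if timedelta(0) <= ts - t <= timedelta(seconds=window)}
        if len(relays) == 1:
            by_relay[relays.pop()]["users"].add(user or "<unknown user>")
        else:  # zero or several candidate relays: do not guess
            ambiguous.append((t, user))
    return dict(by_relay), ambiguous

if __name__ == "__main__":
    print(correlate(parse_maillog(MAILLOG), parse_secure(SECURE)))
```

On a busy server, concurrent failures from different relays land in the ambiguous list rather than being pinned on the wrong address.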