Increase verbosity of logging of saslauth

Amir Caspi cepheid at 3phase.com
Thu Sep 12 02:04:19 EDT 2019


On Sep 11, 2019, at 9:40 PM, Jobst Schmalenbach <jobst at barrett.com.au> wrote:
> 
> I have read somewhere there is a loglevel flag (postfix with ldap and saslauthd) but I do not know how to do this with sendmail and saslauthd.

If it's just sendmail you care about, then set your sendmail log level to 10 or higher.  If you use sendmail.mc (and convert via m4), then insert the following:

define(`confLOG_LEVEL', `10')dnl

If you use sendmail.cf directly, then:

O LogLevel=10

You can use higher log levels, but 10 is the minimum required to get the SASL auth info.  With level 10, you'll get lines like these in /var/log/maillog:

Sep  8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[193.169.255.137]

Correspondingly, you'll see lines like these in /var/log/secure:

Sep  8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep  8 04:23:40 hostname saslauthd[30666]: pam_unix(smtp:auth): check pass; user unknown

If the supplied username actually exists (and failed), you'll instead see something like:

Sep  8 05:50:06 hostname unix_chkpwd[31192]: password check failed for user (someuser)
Sep  8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=someuser

Unfortunately, saslauthd does not properly log the rhost parameter when used by sendmail.  There is a longstanding open bug for this, with a patch that was committed and then rolled back... I don't think this was ever resolved.

Hope this helps.

--- Amir
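
Since saslauthd leaves rhost= empty, the client address has to come from the sendmail line. The following is an added example (not part of the original message) that pairs each sendmail AUTH failure with saslauthd pam_unix lines logged within a few seconds of it; the sample lines, the 5-second window and the year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the formats quoted in the message (documentation IPs).
MAILLOG = """\
Sep  8 04:22:06 hostname sendmail[30028]: x884M25w030028: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Sep  8 05:50:07 hostname sendmail[31190]: x889o5aa031190: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=mail.example.net [198.51.100.9]
"""
SECURE = """\
Sep  8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): check pass; user unknown
Sep  8 04:22:04 hostname saslauthd[30669]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep  8 05:50:06 hostname saslauthd[30667]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=someuser
"""

STAMP = r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
SENDMAIL_RE = re.compile(STAMP + r"sendmail\[\d+\]: \w+: AUTH failure \(([\w-]+)\):"
                         r".*relay=.*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
PAM_RE = re.compile(STAMP + r"saslauthd\[\d+\]: pam_unix\(smtp:auth\): (.*)")

def parse_ts(stamp, year=2019):
    # Syslog stamps carry no year; the year is an assumption supplied by the caller.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def pam_events(secure):
    """Return (time, user) for each saslauthd pam_unix line that names or rejects a user."""
    events = []
    for line in secure.splitlines():
        m = PAM_RE.match(line)
        if not m:
            continue
        named = re.search(r"\buser=(\S+)", m.group(2))  # \b skips the "ruser=" field
        if named:
            events.append((parse_ts(m.group(1)), named.group(1)))
        elif "user unknown" in m.group(2):
            events.append((parse_ts(m.group(1)), "<unknown user>"))
    return events

def correlate(maillog, secure, window=5):
    """Attach users from saslauthd lines to sendmail AUTH failures within `window` seconds."""
    pam = pam_events(secure)
    rows = []
    for line in maillog.splitlines():
        m = SENDMAIL_RE.match(line)
        if not m:
            continue
        ts = parse_ts(m.group(1))
        users = sorted({u for t, u in pam if abs((ts - t).total_seconds()) <= window})
        rows.append({"relay": m.group(3), "mech": m.group(2), "users": users})
    return rows

if __name__ == "__main__":
    for row in correlate(MAILLOG, SECURE):
        print(row)
```

Matching on time alone is a heuristic: on a busy server several failures can fall inside the same window, so a row may list more than one candidate user.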
