Increase verbosity of logging of saslauth
Amir Caspi
cepheid at 3phase.com
Thu Sep 12 05:00:47 EDT 2019
On Sep 12, 2019, at 1:44 AM, Jobst Schmalenbach <jobst at barrett.com.au> wrote:
>
> Most of the time those lines look like
>
> Sep 8 11:42:21 sendmail[32726]: x881gCC5032726: AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: Unable to find a callback: 32775, relay=hosting-by.directwebhost.org <http://hosting-by.directwebhost.org/> [45.227.253.117] (may be forged)
>
> but I never see anything in /var/log/secure
I may be wrong, but I believe that's because the CRAM-MD5 auth mechanism requires sasldb (at least according to the googling I just did). The "unable to find a callback" portion of the error suggests that this auth mechanism isn't configured properly so saslauthd isn't actually doing anything, hence not logging (though I may well be wrong -- I don't use MD5 logins).
Do you require this auth mechanism enabled? If not, you should consider just using PLAIN and LOGIN, making sure that TLS is enabled and required.
If you do require CRAM-MD5, then hopefully someone else can help...
Cheers.
--- Amir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20190912/e7ca88ca/attachment-0001.html>
More information about the Cyrus-sasl
mailing list