Saslauthd & reporting connecting IP

John Straiton jsmailing at
Thu Apr 17 09:25:36 EDT 2003

	I have what seems like a simple problem I'm just not seeing the
answer to. I use cyrus w/ saslauthd & pam. I get a lot of syslog
messages like: (USERNAME used to protect the mostly-innocent)

Apr 16 17:20:51 mx2 saslauthd[93602]: AUTHFAIL: user=USERNAME
service=pop realm= [PAM auth error]

What I'd like to know is where the source of this attempt was from. What
IP address? It's not been a problem as of yet, but it might take us
longer than I'd like to determine the nature of a brute force attack (or
like) with this information not readily accessable. Idealy, I'd like
that address in this syslog line, but if there's another means to an
end, that'll work too.

John Straiton
jks at
Clickcom, Inc

More information about the Info-cyrus mailing list