Saslauthd & reporting connecting IP

John Straiton jsmailing at clickcom.com
Thu Apr 17 09:25:36 EDT 2003


Greets!
	I have what seems like a simple problem I'm just not seeing the
answer to. I use cyrus w/ saslauthd & pam. I get a lot of syslog
messages like: (USERNAME used to protect the mostly-innocent)

Apr 16 17:20:51 mx2 saslauthd[93602]: AUTHFAIL: user=USERNAME
service=pop realm= [PAM auth error]

What I'd like to know is where the source of this attempt was from. What
IP address? It's not been a problem as of yet, but it might take us
longer than I'd like to determine the nature of a brute force attack (or
like) with this information not readily accessable. Idealy, I'd like
that address in this syslog line, but if there's another means to an
end, that'll work too.

Ideas?
John Straiton
jks at clickcom.com
Clickcom, Inc
704-365-9970x101 






More information about the Info-cyrus mailing list