unsuccessful auth & logs
Vladimir Vassiliev
I can see only such entries:
Sep 30 11:37:19 mail saslauthd[3067]: do_auth : auth failure: [user=maribor] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
It's not very informative.
--
Vladimir Vassiliev <vo...@edu.yar.ru>
Andrzej Adam Filip
> Is this possible to log IP from which auth failures occurs?
>
> I can see only such entries:
> Sep 30 11:37:19 mail saslauthd[3067]: do_auth : auth failure: [user=maribor] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
>
> It's not very informative.
Have you tried to use user@domain as user name?
The link below is about postfix but it gives a few hints relevant to
sendmail too :
http://www.irbs.net/internet/postfix/0410/1565.html
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : an...@xl.wp.pl
Conscience doth make cowards of us all.
-- Shakespeare
Vladimir Vassiliev
Thanks, but I means different. I want to register brute force attempts against SMTP AUTH.
I have found that problem already discussed here some days earlier. Sorry for noise.
--
Vladimir Vassiliev <vo...@edu.yar.ru>
Andrzej Adam Filip
> [ about saslauthd logging ]
> Thanks, but I means different. I want to register brute force attempts
> against SMTP AUTH. I have found that problem already discussed here
> some days earlier. Sorry for noise.
For my curiosity (and public record):
1) Do you use firewall (e.g. Linux iptables) to limit SMTP connections rate?
2) Does sendmail limits number of AUTH attempts over single SMTP connection?
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : an...@xl.wp.pl
"I take Him shopping with me. I say, 'OK, Jesus, help me find a bargain'"
-- Tammy Faye Bakker