
Problem: the sendmail default logging configuration does not log per-message auth info, which I need (i.e. I want to know which user/authmethod was used for a certain message id). Following a tip from this entry, I ended up with the following cf lines:

```
LOCAL_CONFIG
Klog syslog
# This works
HSubject: $>+LogSubject
# this does not
HX-Authost: ${mail_host}
HX-Authost: $>+LogAuthAuthor

LOCAL_RULESETS

SLogSubject
R$* $: $(log Subject: $1 authenticated-by: $&{auth_type}, $&{auth_authen}, $&{auth_ssf}, $&{auth_author}, $&{mail_mailer}, $&{mail_host}, $&{mail_addr} $) $1

SLogAuthAuthor
R$* $: $(log Authenticated-by: $1 $&{auth_type}, $&{auth_authen}, $&{auth_ssf}, $&{auth_author}, $&{mail_mailer}, $&{mail_host}, $&{mail_addr} $) $1
```

The first one yields (in maillog):

```
sendmail[10814]: r2DEJl9P010814: Subject:the Subject.authenticated by:PLAIN,auser,0,,esmtp,example.com.,someone@example.com
```

The second:

```
sendmail[10814]: r2DEJl9P010814: Authenticated-by:example.com.,,,,esmtp,example.com.,auser@example.com
```

It does therefore appear that the {auth_xxxx} macros are empty when the second rule fires... but they are not. In fact I can log them if I put them on the H line instead:

```
HX-Authost: ${mail_host} ${auth_type} ${auth_authen} ${auth_ssf} ${auth_author}
HX-Authost: $>+LogAuthAuthor1
```

Except I do not want to do this because I would be sending out auth information where I only want to log it. In fact the entire solution is coyote ugly, not to mention horribly kludgey, and I would welcome a better one (one that does not begin with "change MTA" - I am perfectly happy with sendmail).

Please note that raising LogLevel to 10 and above (as has been suggested) appears not to cut it because the auth information is logged once per session (i.e. at login), while what I want is having it in message context.

Cheers, alf

Alien Life Form
  • Do not use the same header name more than once. Try `HX-Authost1` and `HX-Authost2` – AnFi Mar 14 '13 at 13:30

2 Answers


You may create the log entries you want in the check_eoh (end of headers) or check_data (after the SMTP DATA command) rulesets.

```
LOCAL_RULESETS
Scheck_data
R$*    $: $(log Authenticated-by: $&{auth_type}, $&{auth_authen}, $&{auth_ssf}, $&{auth_author}, $&{mail_mailer}, $&{mail_host}, $&{mail_addr} $) $1
```

[There should be a TAB before $:]
`check_data` gets as input `number_of_recipients`; `check_eoh` gets as input `number_of_headers $| total_headers_bytes`.

check_mail would be a better place but FEATURE(delay_checks) makes it more tricky.

AnFi
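Once the `check_data` ruleset above writes one `Authenticated-by:` line per message, the queue ID can be tied to the login offline. The following is an added example, not part of the original answer: it assumes the log lines carry the queue ID prefix and the seven comma-separated fields in the order of the `$(log ...)` call, shaped like the maillog lines quoted in the question. The sample log, the host name `mx` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Field order follows the $(log ...) call in the check_data ruleset above.
FIELDS = ("auth_type", "auth_authen", "auth_ssf", "auth_author",
          "mail_mailer", "mail_host", "mail_addr")

# Assumed line shape, modelled on the maillog lines quoted in the question:
#   sendmail[PID]: QUEUEID: Authenticated-by:f1,f2,...,f7
LINE_RE = re.compile(
    r"sendmail\[\d+\]:\s+(?P<qid>\w+):\s+Authenticated-by:\s*(?P<rest>.*)$")

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
Mar 14 15:19:47 mx sendmail[10814]: r2DEJl9P010814: Authenticated-by:PLAIN,auser,0,,esmtp,example.com.,someone@example.com
Mar 14 15:19:48 mx sendmail[10814]: r2DEJl9P010814: from=<someone@example.com>, size=512, nrcpts=1
Mar 14 15:21:02 mx sendmail[10820]: r2DEL2xQ010820: Authenticated-by:,,,,esmtp,example.net.,other@example.net
Mar 14 15:22:10 mx sendmail[10831]: r2DEMAbc010831: Authenticated-by:LOGIN,auser,0,,esmtp,example.com.,auser@example.com
"""

def parse_line(line):
    """Return a dict for one Authenticated-by line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # maxsplit keeps stray commas inside the last field (mail_addr) intact.
    parts = [p.strip() for p in m.group("rest").split(",", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS):
        return None  # truncated or malformed line
    rec = dict(zip(FIELDS, parts))
    rec["qid"] = m.group("qid")
    rec["authenticated"] = bool(rec["auth_authen"])  # empty login = no AUTH
    return rec

def correlate(lines):
    """Map queue ID -> parsed auth record, ignoring unrelated log lines."""
    recs = (parse_line(line) for line in lines)
    return {r["qid"]: r for r in recs if r}

def qids_by_user(records):
    """Group queue IDs by authenticated login; None collects unauthenticated mail."""
    out = defaultdict(list)
    for qid, rec in records.items():
        out[rec["auth_authen"] or None].append(qid)
    return dict(out)

if __name__ == "__main__":
    for user, qids in qids_by_user(correlate(SAMPLE_LOG.splitlines())).items():
        print(user or "<unauthenticated>", qids)
```
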

Change LogLevel to fit your needs e.g.

```
define(`confLOG_LEVEL', `14')dnl
```

http://answers.google.com/answers/threadview?id=398644 Q: Logging of sendmail authenticated user.

In short: Increase LogLevel to 14


RELEASE_NOTES file in sendmail distribution states:

```
8.10.0/8.10.0   2000/03/01
[...]
  Log basic information about authenticated connections at LogLevel 10 or higher.
```
AnFi
  • Yes, I tried that - but it is not what I am after. What LogLevel (at 10 or greater) does is giving info about authentication at the session level. What I want (why I want it is another story) is a log line that ties the message ID to the authenticated user. – Alien Life Form Mar 14 '13 at 08:20
  • OK - I will post another reply better fit to what YOU need. – AnFi Mar 14 '13 at 13:31