Log username in maillogs when there is SASL authentication failure

Question

I have a server with postfix and cyrus-sasl. When ever there is an authentication failure it reports in maillog below line.

postfix/smtpd[27669]: warning: unknown[185.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure

How can I make it so that it will also report the username that failed in the log file ( like SASL LOGIN authentication failed: authentication failure for bob )?

score 2 · Answer 1 · answered Oct 22 '18 at 09:55

Try setting the logging level as log_level:4 in smtpd.conf ( might be /usr/lib/sasl2/smtpd.conf )

*log_level controls the level of verbosity of messages sent to the syslogd service.
0 no messages
1 unusual errors
2 all authentication errors
3 log non-fatal warnings
4 more verbose than 3
5 more verbose than 4
6 traces of internal protocols
7 traces of internal protocols, including pass-words*

In /etc/postfix/master.cf, add -v after a process like

smtp      inet  n       -       n       -       -       smtpd -v

You can also debug a specific client IP-address by setting theh following in master.cf

debug_peer_list = 192.168.0.1

Log username in maillogs when there is SASL authentication failure

1 Answers1