Hi, using saslauthd 2.1.19 (cyrus-sasl-2.1.19-14) and recently I have been hit with a lot of dictionary attacks using sasl authentication.
While looking at this issue I noticed that the sasl logs, (/var/log/messages) is not logging the remote ip of the failed attempted. [r...@mrelay3 deferred]# tail -f /var/log/messages May 24 11:17:33 mrelay3 smtp(pam_unix)[23505]: check pass; user unknown May 24 11:17:33 mrelay3 smtp(pam_unix)[23505]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= May 24 11:17:35 mrelay3 saslauthd[23505]: do_auth : auth failure: [user=freedo] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error What can I do to have the remote ip show up on the logs. I have looked on this lists archives and searched google but found nothing. If this is not possible for some reason what is the best/recommended way about getting the remote ip info. Also are there any options built into cyrus sasl that can minimize dictionary attacks? Thanks very much, Paul
