It is better to put these two lines into
violations.ignore.d/logcheck-saslauthd because then the output will
at least include the user name. If you need the remote IP, you
should look at the postfix (or MTA) logs; saslauthd does not log it.

I did file a bug on libpam-modules though; once that's fixed, the
original rule files can/should be used. See #369490.

  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module$
  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) (1 more )?authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=$

Thanks,

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
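
The following is an added example, not part of the original message: a shell check that runs the two ignore rules above over a few log lines and prints what would still be reported. The log lines (host, PID, timestamps, user "alice") are constructed for illustration, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: try the two ignore rules on constructed log lines before
# installing them in violations.ignore.d/logcheck-saslauthd.

# The two rules from the message, one complete regex per line.
rules() {
cat <<'EOF'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) (1 more )?authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=$
EOF
}

# Constructed syslog lines (not taken from a real system).
sample_log() {
cat <<'EOF'
Jun  1 10:15:02 mail saslauthd[2345]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Jun  1 10:15:02 mail saslauthd[2345]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  1 10:15:07 mail saslauthd[2345]: (pam_unix) 1 more authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun  1 10:15:09 mail saslauthd[2345]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=alice
Jun  1 10:15:09 mail saslauthd[2345]: do_auth         : auth failure: [user=alice] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
EOF
}

# Print the stdin lines that neither rule matches, i.e. the lines that
# would still show up in the report.
still_reported() {
    rulefile=$(mktemp) || return 1
    rules > "$rulefile"
    rc=0
    grep -E -v -f "$rulefile" || rc=$?
    rm -f "$rulefile"
    # grep exits 1 when every line was filtered; only >1 is a real error.
    [ "$rc" -le 1 ]
}

sample_log | still_reported
```

Because both rules end in `$`, only the entries with an empty `rhost=` at the end of the line are dropped; the entries that carry the user name remain.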
