Jozsef Kadlecsik:
> If I increase the log_level to 4 in the sasl config for smtpd and add -v
> to smtpd in master.cf, then the username is reported in the log:

Of course the login name is sent via the AUTH command, and it will
show up in the raw protocol logging. Your example is for the LOGIN
mechanism. Other mechanisms use different request and response
formats.

> Would you consider applying a patch something like this:

Has this been tested:

- With Cyrus SASL?

- With Dovecot auth?

- With malformed AUTH commands?

According to
https://doc.dovecot.org/developer_manual/design/auth_protocol/
the auth server returns a username when authentication is successful
(OK) and when the username or password are bad (FAIL).

With Dovecot auth, a malformed AUTH command will result in an unknown
username which your patch covers.

I don't know if Cyrus SASL sasl_getprop(..., SASL_USERNAME, ...)
will return a username when the password is bad, but I suppose you
already verified that.

However, in the case of a malformed AUTH command with a Cyrus SASL
backend, there is no username, and xsasl_cyrus_server_get_username()
will log an ugly warning when the username is unavailable:

    msg_warn("%s: sasl_getprop SASL_USERNAME botch: %s",
             myname, xsasl_cyrus_strerror(sasl_status));

The xsasl_server_get_username() documentation says that this function
returns the username after a successful authentication; behavior is
unspecified after authentication failure. That will need to be updated
such that the function returns null after a malformed AUTH request.

Other than that, the patch will likely work.

        Wietse