I apologize as I know its is somewhat off topic.
I have a postfix server running saslauthd 2.1.19 (cyrus-sasl-2.1.19-14) and recently I have been hit with a lot of dictionary attacks using sasl authentication. While looking at this issue I noticed that the sasl logs, (/var/log/messages) is not logging the remote ip of the failed attempt. [r...@mrelay3 deferred]# tail -f /var/log/messages May 24 11:17:33 mrelay3 smtp(pam_unix)[23505]: check pass; user unknown May 24 11:17:33 mrelay3 smtp(pam_unix)[23505]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= May 24 11:17:35 mrelay3 saslauthd[23505]: do_auth : auth failure: [user=freedo] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error What can I do to have the remote ip show up on the logs. I have looked on this lists archives and searched google but found nothing. Thanks paul.
