Running the RHEL 5 version of Postfix (2.3.3), and Cyrus SASL from version 2.1.22.
Currently, on an auth failure, saslauthd logs the username to the auth facility, but not the connecting IP (which presumably it doesn't know about). smtpd, which presumably does know the username, doesn't log it (not sure if this is to prevent logging in cases where someone sends a password as a username, or what). e.g., Jan 17 04:39:35 earth-doxen postfix/smtpd[14590]: warning: SASL authentication failure: Password verification failed Jan 17 04:39:35 earth-doxen postfix/smtpd[14590]: warning: ool-ad03c852.dyn.optonline.net[173.3.200.82]: SASL PLAIN authentication failed: authentication failure Once a user successfully authenticates, the sasl_username is logged. Do later versions of Postfix log the username for auth failures? Is there any way to log this information with the version of Postfix that I have? Obviously, it's usually possible to piece together the saslauthd and smtpd entries to figure out the whole story, but you could imagine a scenario where there are two authentication failures within the same second, or where for some other reason things don't match up perfectly. w
