Am 27.05.2014 23:04, schrieb Wietse Venema: > li...@rhsoft.net: >> the problem ist that postfix has no idea of the SASL internals and should >> not need to - in case of dovecot i asked a few days ago to log the username >> because in case of using dovecot as SASL provider that's the only instance >> which decodes the input and verify it against the user-db > > Would not it be sufficient to trigger on repeated authentication > failures, regardless of the login name?
no - the problem is that i wanto to *help* users failing again and again to send mail from mobile devices without realize that the change of the POP3/IMAP password was not enough and need to do the same for the outgoing server in days of a lot of devices and carrier grade NAT filter the logs for successful IMAP/POP3 logins from the same IP is just blind guessinf one may say it's the users problem - well i faced users clients to send the same message again and agin every 5 minutes until that damned iphone got stolen and so the log flood ended :-( > As Reindl observed, Postfix does not decode SASL protocols, it just > passes strings between the remote SMTP client and the local Dovecot > server or SASL implementation. sadly yes - *dovecot* should log that
