The message in my log is logged by postfix/smtpd which is using dovecot for
sasl.
Should dovecot sasl be passing the username back to postfix?
Brad
> On May 23, 2017, at 11:33 PM, Aki Tuomi wrote:
>
> In fact, looking again, dovecot should log the failure with username, if
> available.
>
> A
In fact, looking again, dovecot should log the failure with username, if
available.
Aki
On 24.05.2017 09:22, Aki Tuomi wrote:
> As band-aid you could try looking at the SASL message, if you decode64
> it might contain the username in plain text.
>
> Aki
>
>
> On 23.05.2017 17:44, Bradley Giesbrec
As band-aid you could try looking at the SASL message, if you decode64
it might contain the username in plain text.
Aki
On 23.05.2017 17:44, Bradley Giesbrecht wrote:
> The problem we are facing is incorrect authentications being caught by
> firewall rules and IP’s getting blocked. We would lik
The problem we are facing is incorrect authentications being caught by firewall
rules and IP’s getting blocked. We would like to be able to identify the
problem account to help the domain admin track down the issue.
Does anyone have another idea? We use sql user db so I thought of logging all
l
The problem is that the SASL message contains NTLM(v2) message, so it
would need to be decoded. We can see if there is something we can do
about this. At the moment it's not possible to log this.
Aki
On 23.05.2017 03:23, Bradley Giesbrecht wrote:
> dovecot 2.2.22
> postfix 3.1.1
>
> I’m seeing "
dovecot 2.2.22
postfix 3.1.1
I’m seeing "SASL NTLM authentication failed: {long_hash}” in mail.log.
Is there a way to log the SASL username?
I think postfix is logging what Dovecot SASL is returning so I hope I am asking
on the right list.
Regards,
Bradley Giesbrecht (pixilla)
