Public bug reported:
When using sasl2-bin and saslauthd it will fail to work correctly with pam.
The first major problem is that that it will fail to report the rhost
address in the log which means auth failures cannot be policed and no
useful data (the ip address) is reported to the log file. Example below
during a password brute force attempt.
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): check pass; user
unknown
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=
The other issue is that it would be great to be able to ip restrict
logins based on pam module configuration. Based on previous reading and
as far as I can tell the remote ip address is not supported between the
imap/pop/smtp process and sasl2 is it possible to add support for this?
Technically this is a long standing security issue because fail2ban
cannot be used to process the syslog file and auto block the host during
brute force password attempts.
** Affects: cyrus-sasl2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: auth imap pam pop3 saslauthd sendmail
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657897
Title:
Failure to report rhosts
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1657897/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
