Viktor Dukhovni via Postfix-users:
> On Tue, Oct 24, 2023 at 12:52:37PM +0200, Paul Menzel via Postfix-users wrote:
>
> > Jozsef Kadlecsik submitted a patch, and it was accepted and is going to be
> > available in the 3.9 release [1].
> >
> > > 20231006
> > >
> > > Cleanup: attempt to log the SASL username after authentication
> > > failure. This appends ", sasl_username=xxx" to SASL authentication
> > > failure logging. Based on code by Jozsef Kadlecsik. Files:
> > > xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c,
> > > smtpd/smtpd_sasl_glue.c.
>
> >From my logs:
>
> postfix/smtps/smtpd[10521]: warning: unknown[52.253.87.181]:
> SASL PLAIN authentication failed: , sasl_username=test
>
> The ": ," is a an empty SASL library "reply":
>
> src/smtpd/smtpd_sasl_glue.c: msg_warn("%s: SASL %s authentication
> failed: %s, sasl_username=%s",
> src/smtpd/smtpd_sasl_glue.c- state->namaddr, sasl_method,
> src/smtpd/smtpd_sasl_glue.c- STR(state->sasl_reply),
> src/smtpd/smtpd_sasl_glue.c- sasl_username ? sasl_username :
> "(unavailable)");
Here, all stable releases would log:
"warning: unknown[52.253.87.181]: SASL PLAIN authentication failed: "
Which wasn't particularly useful, either. As with the null username.
I think I'll replace the null text from the library with something
that is more visible.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
