Thank you Koko for warning , hopelessly i try to my chance :( but i found this after ,i sent email
"...From a cursory inspection of lib/pwcheck.c, saslauthd does not get passed any client IP information and cannot log it or forward it to pam..." selcuk On Wed, Dec 2, 2015 at 12:39 PM, Koko Wijatmoko <k...@wijatmoko.name> wrote: > On Wed, 2 Dec 2015 12:25:53 +0200 > Selcuk Yazar <selcuk.ya...@gmail.com> wrote: > > > i want to track bad login attemps on our mail server running on postfix > at > > redhat. > > > > when i look to our syslog messages i see > > > > mail saslauthd[5345]: do_auth : auth failure: [user=********] > > [service=smtp] [realm=our domain] [mech=ldap] [reason=Unknown] > > > > lines, > > > > is it technically posibble include this line remote ip address? Actually > i > > can show ip address in maillog file but i can match these lines only > using > > date & time > > > the log came from saslauthd daemon, not postfix itself.. > -- Selçuk YAZAR http://www.selcukyazar.blogspot.com