Ok unaware this was fixed? will look into that

fyi - I don't log passwords, just username & IP addresses!

but appreciate the input



Happy Monday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 10/24/2022 9:04 AM, Viktor Dukhovni wrote:

On Mon, Oct 24, 2022 at 08:23:46AM -0400, Paul Kudla wrote:

ok I had similar issues and ended up patching the sasl auth system
inside postfix to include login username & IP ADDRESS

this gave a single log file entry (syslog, file whatever postfix was
configured to do) showing that the account had been accessed for sending
an email

There's no need for this.  Both are already logged together.

     
https://github.com/vdukhovni/postfix/blob/master/postfix/src/smtpd/smtpd.c#L2288-L2305

Posting the entire source file, rather than a patch is not terribly
useful.

also it tracks bad logins

example :

www-1       10-24 08:13:29 {postfix.in/smtpd[53113] (1222051970)
xsasl_cyrus_server_first: sasl_method LOGIN
www-1       10-24 08:13:29 {postfix.in/smtpd[53113] (1222051971)
xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
www-1       10-24 08:13:30 {postfix.in/smtpd[53113] (1222052015)
xsasl_cyrus_server_next: decoded response: israelk5k...@clancyca.com
www-1       10-24 08:13:30 {postfix.in/smtpd[53113] (1222052016)
xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
www-1       10-24 08:13:32 {postfix.in/smtpd[53113] (1222052035)
xsasl_cyrus_server_next: decoded response: c@15
www-1       10-24 08:13:32 {postfix.in/smtpd[53113] (1222052036) SASL
authentication info: sql plugin: no result found
www-1       10-24 08:13:32 {postfix.in/smtpd[53113] (1222052037)
warning: unknown[183.182.107.110]: SASL LOGIN authentication failed:
authentication failure

I would be generally reluctant to log username/password for bad logins,
these can leak cases where a password is accidentally pasted into a
username field, or there's a minor typo, and so can compromise cleartext
passwords.

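An added example, not part of the thread and not Postfix code: a small log filter that blanks every "decoded response:" value from verbose SASL logging (username and password fields alike, since a password can end up in either) and builds the username/IP view from the stock smtpd lines. The sample lines are constructed single-line versions of the formats quoted above, the `client=..., sasl_method=..., sasl_username=...` form is assumed to be the standard line the reply points to, and the names `redact` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed single-line samples; hosts and addresses are documentation values.
SAMPLE = [
    "Oct 24 08:13:30 mx postfix/smtpd[53113]: xsasl_cyrus_server_next: "
    "decoded response: alice@example.com",
    "Oct 24 08:13:32 mx postfix/smtpd[53113]: xsasl_cyrus_server_next: "
    "decoded response: constructed-secret",
    "Oct 24 08:13:32 mx postfix/smtpd[53113]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: authentication failure",
    "Oct 24 08:14:01 mx postfix/smtpd[53120]: 4F1A2B3C4D: "
    "client=mail.example.net[198.51.100.9], sasl_method=PLAIN, "
    "sasl_username=bob@example.com",
]

# Client-supplied SASL responses that verbose logging writes out in the clear.
DECODED = re.compile(r"(xsasl_\w+: decoded response: ).*$")
# Accepted login: username and client IP already appear on one line.
ACCEPTED = re.compile(
    r"client=[^\s\[]+\[([^\]]+)\], sasl_method=([^,\s]+), sasl_username=(\S+)")
# Failed login: client IP and mechanism only, no credentials.
FAILED = re.compile(
    r"warning: [^\s\[]+\[([^\]]+)\]: SASL (\S+) authentication failed")


def redact(line):
    """Blank every decoded SASL response, username and password alike."""
    return DECODED.sub(r"\1[REDACTED]", line)


def summarize(lines):
    """Return ([(username, ip, method)], Counter of failures per client IP)."""
    accepted, failed = [], Counter()
    for line in lines:
        m = ACCEPTED.search(line)
        if m:
            accepted.append((m.group(3), m.group(1), m.group(2)))
            continue
        m = FAILED.search(line)
        if m:
            failed[m.group(1)] += 1
    return accepted, failed


if __name__ == "__main__":
    for line in SAMPLE:
        print(redact(line))
    print(summarize(SAMPLE))
```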