Hi James,
thank your for your report and your help to make Ubuntu better.
These are essentially two issues in one.
For the first being "fail sasl+pam" - would you have some steps to reproduce
the issue.
At least I must admit I never set them up, and others coming by to help might
as well.
So if you'd have a bit of a guide how to trigger the issue that would be great.
It might also help other users with the same issue to find more easily if they
are facing the same that you report.
For the second issue about ip restrictions based on past login attempts
I'd ask you to open up a new bug for it. Essentially as I read it that
is a feature request against the upstream projects more than anything
else - we should keep it separate from your issue #1 to avoid people
being distracted between the two.
** Changed in: cyrus-sasl2 (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1657897
Title:
Failure to report rhosts
Status in cyrus-sasl2 package in Ubuntu:
Incomplete
Bug description:
When using sasl2-bin and saslauthd it will fail to work correctly with pam.
The first major problem is that that it will fail to report the rhost
address in the log which means auth failures cannot be policed and no
useful data (the ip address) is reported to the log file. Example
below during a password brute force attempt.
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): check pass; user
unknown
Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=
The other issue is that it would be great to be able to ip restrict
logins based on pam module configuration. Based on previous reading
and as far as I can tell the remote ip address is not supported
between the imap/pop/smtp process and sasl2 is it possible to add
support for this?
Technically this is a long standing security issue because fail2ban
cannot be used to process the syslog file and auto block the host
during brute force password attempts.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1657897/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
