Hi James, thank your for your report and your help to make Ubuntu better. These are essentially two issues in one.
For the first being "fail sasl+pam" - would you have some steps to reproduce the issue. At least I must admit I never set them up, and others coming by to help might as well. So if you'd have a bit of a guide how to trigger the issue that would be great. It might also help other users with the same issue to find more easily if they are facing the same that you report. For the second issue about ip restrictions based on past login attempts I'd ask you to open up a new bug for it. Essentially as I read it that is a feature request against the upstream projects more than anything else - we should keep it separate from your issue #1 to avoid people being distracted between the two. ** Changed in: cyrus-sasl2 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1657897 Title: Failure to report rhosts Status in cyrus-sasl2 package in Ubuntu: Incomplete Bug description: When using sasl2-bin and saslauthd it will fail to work correctly with pam. The first major problem is that that it will fail to report the rhost address in the log which means auth failures cannot be policed and no useful data (the ip address) is reported to the log file. Example below during a password brute force attempt. Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): check pass; user unknown Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= The other issue is that it would be great to be able to ip restrict logins based on pam module configuration. Based on previous reading and as far as I can tell the remote ip address is not supported between the imap/pop/smtp process and sasl2 is it possible to add support for this? Technically this is a long standing security issue because fail2ban cannot be used to process the syslog file and auto block the host during brute force password attempts. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1657897/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp