Hi, thanks for the reply.

First off, I will say that everything needed to reproduce this is a
default configuration for saslauthd. You simply have to install it. The
next part would be to install any of the other defaults like imapd (no
configuration required) or sendmail (which does need to be configured),
or any other client that is capable of using saslauthd.

Maybe this isn't understood well or I have come across badly. The
problem here in Ubuntu is that the saslauthd version in Ubuntu doesn't
support passing the rhost (the remote IP address) from its front-end
service to the PAM authentication libs at all.

This makes logging and blocking of remote IP addresses which are
constantly trying usernames / passwords on mail servers via smtp, pop3,
imap impossible to monitor, log and block, as pam.d authfailure will
fail to log any actionable information.

Here is more information on the same bug from Red Hat.
https://bugzilla.redhat.com/show_bug.cgi?id=683797

The 2nd issue isn't so much a feature request as it is actually the
same functionality. You cannot have a PAM module installed/configured in
the system which can look up, say, a DNS blacklist or database of blocked
IP addresses and block access through the standard PAM configuration that
saslauthd uses by default. This makes all PAM authentication
configuration / logging based on the back of saslauthd that involves an
IP address useless / redundant / non-functional.

This isn't a new problem with saslauthd; it's just never been fixed. It
dates back to 2011, across multiple systems that use this package.

https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2011-March/002218.html


** Bug watch added: Red Hat Bugzilla #683797
   https://bugzilla.redhat.com/show_bug.cgi?id=683797

https://bugs.launchpad.net/bugs/1657897

Title:
  Failure to report rhosts

Status in cyrus-sasl2 package in Ubuntu:
  Incomplete

Bug description:
  
  When using sasl2-bin and saslauthd it will fail to work correctly with pam.

  The first major problem is that it will fail to report the rhost
  address in the log, which means auth failures cannot be policed and no
  useful data (the IP address) is reported to the log file. Example
  below during a password brute force attempt.

  Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): check pass; user unknown
  Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=

  The other issue is that it would be great to be able to IP-restrict
  logins based on PAM module configuration. Based on previous reading,
  and as far as I can tell, the remote IP address is not supported
  between the imap/pop/smtp process and sasl2. Is it possible to add
  support for this?

  Technically this is a long-standing security issue because fail2ban
  cannot be used to process the syslog file and auto-block the host
  during brute force password attempts.
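
The effect of the empty `rhost=` field on log-based blocking, as an added example that is not part of the original bug report and is not code from cyrus-sasl or fail2ban: a small fail2ban-style tally over pam_unix failure lines. The first two sample lines are the ones quoted in the report; the repeated saslauthd lines, the sshd lines and the address 203.0.113.7 are constructed sample data, and the function names are illustrative.

```python
import re
from collections import Counter

# pam_unix failure line in the format quoted in the report.
PAM_FAILURE = re.compile(
    r"\S+\[\d+\]: pam_unix\((?P<service>[^:]+):auth\): "
    r"authentication failure; (?P<fields>.*)$"
)
FIELD = re.compile(r"(\w+)=(\S*)")  # key=value, value may be empty


def parse_failure(line):
    """Return (service, fields) for a pam_unix auth failure line, else None."""
    m = PAM_FAILURE.search(line)
    if not m:
        return None
    return m.group("service"), dict(FIELD.findall(m.group("fields")))


def summarize(lines, threshold=3):
    """Return (hosts with >= threshold failures, failures with no rhost)."""
    per_host = Counter()
    unattributable = 0
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue  # e.g. "check pass; user unknown" carries no fields
        rhost = parsed[1].get("rhost", "")
        if rhost:
            per_host[rhost] += 1
        else:
            unattributable += 1  # nothing here a ban rule could act on
    blockable = sorted(h for h, n in per_host.items() if n >= threshold)
    return blockable, unattributable


SASL_FAIL = ("Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): "
             "authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=")
# Constructed contrast: a PAM client that does set rhost.
SSHD_FAIL = ("Jan 19 21:58:01 mail sshd[2001]: pam_unix(sshd:auth): "
             "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= "
             "rhost=203.0.113.7  user=alice")
SAMPLE = [
    "Jan 19 21:57:16 mail saslauthd[1534]: pam_unix(smtp:auth): "
    "check pass; user unknown",
    SASL_FAIL, SASL_FAIL, SASL_FAIL,  # last two are constructed repeats
    SSHD_FAIL, SSHD_FAIL, SSHD_FAIL,
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The three saslauthd failures reach the same threshold as the sshd ones but yield no address to block, which is the gap the report describes.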
