From: Tim Daneliuk
Organization: TundraWare Inc.
Date: Tue, 04 Jun 2013 10:47:16 -0500
To: FreeBSD Mailing List
Subject: Can sasl/sendmail Report IP Of Failed Access?
Message-ID: <51AE0C04.2050507@tundraware.com>

I am seeing login dictionary attacks on a FreeBSD mail server being reported.
Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin.

--
-----------------------------------------------------------------------
Tim Daneliuk