> From: Chris Siebenmann
> Right now, Exim doesn't seem to have a way to force it to log absolutely
> all successful SMTP authentication (especially not immediately, the moment
> someone succeeds). An authenticated connection that sends email logs the
> successful authentication in the A=<..> portion of the '<=' log line and
> if you add '+smtp_no_mail' as a log selector, an authenticated connection
> that doesn't even try to send mail will have this logged on disconnect.
> But this leaves a logging gap for connections that authenticate, try to
> send mail, get rejected during the SMTP transaction, and then disconnect.
acl_smtp_quit = acl_check_quit
acl_smtp_notquit = acl_check_notquit
begin acl
acl_check_quit:
warn authenticated = *
logwrite = successful auth ...
warn condition = $authentication_failed
logwrite = unsuccessful auth ...
acl_check_notquit:
warn authenticated = *
logwrite = successful auth ...
warn condition = $authentication_failed
logwrite = unsuccessful auth ...
You can add what you want in "logwrite" lines.
This code saves username and password (hashed) using ${acl (Exim 4.82+):
https://github.com/Exim/exim/wiki/BlockCracking
