postfix-users April 2012 archive

xclient logging

From: Daniel L. Miller <dmiller_at_nospam>
Date: Mon Apr 09 2012 - 00:15:51 GMT
To: <postfix-users@postfix.org>

  

I have a proxy filter in front of Postfix. Postfix is listening on
the localhost. The filter is sending EHLO and XCLIENT to Postfix. The
reason I am trying xclient is to get more information in Postfix's logs.

I'm now getting a significant quantity of brute-force and formerly
hacked password login attempts. As a result, I have a number of log
entries similar to:

Apr 8 16:59:25 bubba assp/smtpd[7152]: connect from localhost[127.0.0.1]
Apr 8 16:59:29 bubba assp/smtpd[7152]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 8 16:59:29 bubba assp/smtpd[7152]: lost connection after AUTH from localhost[127.0.0.1]
Apr 8 16:59:29 bubba assp/smtpd[7152]: disconnect from localhost[127.0.0.1]

With xclient enabled (it is sent immediately after the EHLO response),
my log is now:

Apr 8 17:02:31 bubba assp/smtpd[7414]: connect from localhost[127.0.0.1]
Apr 8 17:02:35 bubba assp/smtpd[7414]: warning: unknown[110.53.26.206]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 8 17:02:35 bubba assp/smtpd[7414]: lost connection after AUTH from unknown[110.53.26.206]
Apr 8 17:02:35 bubba assp/smtpd[7414]: disconnect from unknown[110.53.26.206]

This is much better. My remaining question is - is there a way I can
get even that first connection line to reference the remote IP?

-- Daniel
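
Added example, not part of the original post and not Postfix code: a log-side way to attribute the initial "connect from localhost" line and the SASL failures to the address the proxy supplied via XCLIENT, by grouping lines on the smtpd PID between connect and disconnect. The names `sessions`, `failures_by_client` and `PROXY_ADDRS` are hypothetical, and it assumes the syslog layout quoted above and a proxy that connects over loopback.

```python
import re
from collections import Counter

# Constructed sample: the two sessions quoted in the post, one log entry per line.
SAMPLE_LOG = """\
Apr 8 16:59:25 bubba assp/smtpd[7152]: connect from localhost[127.0.0.1]
Apr 8 16:59:29 bubba assp/smtpd[7152]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 8 16:59:29 bubba assp/smtpd[7152]: lost connection after AUTH from localhost[127.0.0.1]
Apr 8 16:59:29 bubba assp/smtpd[7152]: disconnect from localhost[127.0.0.1]
Apr 8 17:02:31 bubba assp/smtpd[7414]: connect from localhost[127.0.0.1]
Apr 8 17:02:35 bubba assp/smtpd[7414]: warning: unknown[110.53.26.206]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 8 17:02:35 bubba assp/smtpd[7414]: lost connection after AUTH from unknown[110.53.26.206]
Apr 8 17:02:35 bubba assp/smtpd[7414]: disconnect from unknown[110.53.26.206]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S*smtpd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
PEER = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
PROXY_ADDRS = {"127.0.0.1", "::1"}  # assumption: the filter connects over loopback


def sessions(log_text):
    """Group smtpd lines by PID from 'connect' to 'disconnect' (one client per process at a time)."""
    active, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from"):
            active[pid] = {"pid": pid, "start": m["ts"], "client": None, "auth_failures": 0}
        sess = active.get(pid)
        if sess is None:
            continue  # line belongs to a session whose connect we never saw
        peer = PEER.search(msg)
        if peer and peer[1] not in PROXY_ADDRS:
            sess["client"] = peer[1]  # address supplied by the proxy via XCLIENT
        if "SASL" in msg and "authentication failed" in msg:
            sess["auth_failures"] += 1
        if msg.startswith("disconnect from"):
            finished.append(active.pop(pid))
    return finished


def failures_by_client(sess_list):
    """Count failed SASL logins per attributed client address."""
    counts = Counter()
    for s in sess_list:
        counts[s["client"] or "unattributed"] += s["auth_failures"]
    return counts
```

Each returned session carries the timestamp of its connect line together with the remote address seen later under the same PID; sessions logged without XCLIENT stay under "unattributed".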