I know this is old, but no one ever actually answered the OPs original question, but offered blocking suggestions instead. I have the same question, and I'd like to clarify why a bit as well. The original OP was looking for the username that was being used by the logins that were failing - specifically SMTP requests because they mentioned postfix . Till offered the closest configuration information,but that was IMAP and POP3 related, not SMTP. I need the same information as the OP. I specifically scour the log files looking for errors that include "authentication failed" and "SASL" together. I pull those IP addresses and compare them to known "good" addresses, and if I find them, I ignore them when doing my blocking. As my users are all local, I then compare the IP address to a geolocation lookup, and if they come from out-of-state or out-of-country, then I block them if they try often enough. My, and probably the OP's, issue is that for legitimate users that set up a device incorrectly, and leave it set wrong, it's annoying and throws flags, and could get them blocked, especially if fail2ban is used, and it would be nice to fix the source of the errors. It could be that someone's cell phone was set up correctly and they're just ignoring the error messages. I could be that a dedicated machine that's SUPPOSED to be sending out error messages or log files or informational emails got configured wrong, and it's not notifying someone when it should be. It could be that a password was changed on the server, but not on a machine that was using that email address. There are legitimate reasons for wanting this username information from postfix - I'm not arguing that the log files would be huge with verbose turned on (they get HUGE fast). I only plan on leaving the active long enough to get the data I need - but it would be nice to be able to get the information to solve a legitimate problem when there is one. I've tried turning on verbose in postfix, but I still wasn't able to get the information I was looking for, so I clearly wasn't doing it correctly. Thanks.