[Vmail-discuss] POP-and-SEND with vmail
Chris Lightfoot
chris@xxxxxxxxxxxxx
Tue, 17 Jul 2001 19:05:01 +0100
On Tue, Jul 17, 2001 at 01:01:47PM -0400, Marcin Pacyna wrote:
> That's exactly what I meant by POP-and-SEND.
>
> Currently I'm redirecting the log output from my POP3 daemon into a named
> pipe (via syslog) which in turn gets parsed by a perl script (which I found
> somewhere on a sendmail site) which puts authenticated IPs as files into a
> spool directory which then gets compiled into a table which is read by
> exim... etc. That same script checks the creation time of each file and
> removes the appropriate files from the spool after a specified time.
>
> I could use the same method with tpop3d however the log output from tpop3d
> is quite different - my current pop3 daemon spits out easily parsable lines
> such as:
>
> Jul 17 12:54:27 mail ipop3d[16983]: Login user=someuser
> host=somehost.domain.com [10.10.10.10] nmsgs=0/0
>
> so all I need to look for is a line that has a "Login" and I grab the IP
> from it.
>
> tpop3d has slightly more verbose output usually spanning multiple lines
> which isn't as easy to parse.
Indeed. I have added for the next version (1.3.4) a single
logging line which should be suitable for your purposes.
Sorry no patch yet, but manually, in file main.c around
line 719, after
_exit(0);
}
add
/* Began session; log something useful in case of POP-before-SMTP
* relaying.
*/
print_log(LOG_INFO, _("fork_child: %s: successfully authenticated with auth_%s"), c->idstr, c->a->auth);
This will then output something like
... fork_child: [42]fish@soup.com(123.45.67.89): successfully authenticated with auth_mysql
or whatever. A suitable perl regexp to parse this:
($user, $ipaddr, $authdrv) = ($line =~ /fork_child: \[\d+\]([^(]+)\(([^)]+)\): successfully authenticated with (.+)$/);
(Not tested but should work.)
Note that this is not in any way secure (it's not secure
with ipop3d either). In particular, I could write a
program which outputs syslog lines as above for arbitrary
IP addresses. But this is not a problem unless users on
your POP host have shell access, in which case they can
probably send mail through your host by other means
anyway.
> Maybe it'd be useful to add an option to have a more compact logging in
> tpop3d? (if there isn't one in place already)
This is probably a good idea, but may not happen very
soon.
--
Chris Lightfoot -- www.ex-parrot.com/~chris/
Curiosity kills more mice than cats.