[Vmail-discuss] POP-and-SEND with vmail

Chris Lightfoot chris@xxxxxxxxxxxxx
Tue, 17 Jul 2001 19:05:01 +0100


On Tue, Jul 17, 2001 at 01:01:47PM -0400, Marcin Pacyna wrote:
> That's exactly what I meant by POP-and-SEND.
> 
> Currently I'm redirecting the log output from my POP3 daemon into a named
> pipe (via syslog) which in turn gets parsed by a perl script (which I found
> somewhere on a sendmail site) which puts authenticated IPs as files into a
> spool directory which then gets compiled into a table which is read by
> exim... etc.  That same script checks the creation time of each file and
> removes the appropriate files from the spool after a specified time.
> 
> I could use the same method with tpop3d however the log output from tpop3d
> is quite different - my current pop3 daemon spits out easily parsable lines
> such as:
> 
> Jul 17 12:54:27 mail ipop3d[16983]: Login user=someuser
> host=somehost.domain.com [10.10.10.10] nmsgs=0/0
> 
> so all I need to look for is a line that has a "Login" and I grab the IP
> from it.
> 
> tpop3d has slightly more verbose output usually spanning multiple lines
> which isn't as easy to parse.

Indeed. I have added for the next version (1.3.4) a single
logging line which should be suitable for your purposes.
Sorry no patch yet, but manually, in file main.c around
line 719, after

                _exit(0);
            }

add

            /* Began session; log something useful in case of POP-before-SMTP
             * relaying.
             */
            print_log(LOG_INFO, _("fork_child: %s: successfully authenticated with auth_%s"), c->idstr, c->a->auth);
                                                  

This will then output something like

... fork_child: [42]fish@soup.com(123.45.67.89): successfully authenticated with auth_mysql

or whatever. A suitable perl regexp to parse this:

    ($user, $ipaddr, $authdrv) = ($line =~ /fork_child: \[\d+\]([^(]+)\(([^)]+)\): successfully authenticated with (.+)$/);

(Not tested but should work.)

Note that this is not in any way secure (it's not secure
with ipop3d either). In particular, I could write a
program which outputs syslog lines as above for arbitrary
IP addresses. But this is not a problem unless users on
your POP host have shell access, in which case they can
probably send mail through your host by other means
anyway.

> Maybe it'd be useful to add an option to have a more compact logging in
> tpop3d? (if there isn't one in place already)

This is probably a good idea, but may not happen very
soon.

-- 
Chris Lightfoot -- www.ex-parrot.com/~chris/
 Curiosity kills more mice than cats.