doveadm who reverse dns lookups
Perhaps this is a feature request...
It would be nice if the ‘doveadm who’ command printed out the reverse DNS name of where the user was logged in from.
Would it be possible to either add some option to doveadm who for this, or make it do it by default and add a ‘-n’ option (like many of the other programs that look up IP addresses by default) and take a -n option to not do that?
Not sure if that would break some existing thing which is why I hesitate. Might be safer to add, say, a -r option to do the rDNS lookup.
However, it would definitely save me a step in figuring out where someone was logged in from to know if it’s legit.
Michael Grant
On Tue, 24 Jul 2018, Michael Grant wrote:
> Perhaps this is a feature request...
> It would be nice if the ‘doveadm who’ command printed out the reverse DNS name of where the user was logged in from.
> Would it be possible to either add some option to doveadm who for this, or make it do it by default and add a ‘-n’ option (like many of the other programs that look up IP addresses by default) and take a -n option to not do that?
> Not sure if that would break some existing thing which is why I hesitate. Might be safer to add, say, a -r option to do the rDNS lookup.
Hmm, use the Unix construction kit:
doveadm who| perl -np -MSocket -e 'sub addr { my $i = shift; my $iaddr = inet_aton($i); return gethostbyaddr($iaddr, AF_INET) || $i; } s/((?:\d+\.){3}\d+)/addr($1)/eg'
Steffen Kaiser
On Tue, 24 Jul 2018, Michael Grant wrote:
> However, it would definitely save me a step in figuring out where someone was logged in from to know if it’s legit.
Or not. The IP address being logged is reliable, the PTR lookup is in the hands of that zone's DNS operators, who could spoof any FQDN they want. If you're concentrating on one/few case(s), it's worth deep diving. If you're analyzing an entire log file, use a script.
Joseph Tam <jtam.home@gmail.com>
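
Added example, not part of the original thread: a filter in the spirit of the one-liner above that keeps the logged IP address visible and appends the PTR name, marking it UNVERIFIED when the name does not resolve back to the same address (forward-confirmed reverse DNS). The function names, the output format and the sample data are assumptions made for illustration.

```python
import re
import socket
import sys

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def ptr_lookup(ip):
    """Return the PTR name for ip, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def forward_lookup(name):
    """Return the set of IPv4 addresses that name resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def annotate(line, ptr=ptr_lookup, fwd=forward_lookup):
    """Append the PTR name to each IPv4 address in line.

    The address itself is never replaced, because it is the reliable
    part; the name is only a hint controlled by the reverse zone's owner.
    """
    def repl(match):
        ip = match.group(0)
        name = ptr(ip)
        if name is None:
            return ip
        # Forward-confirm: the name must resolve back to the same address.
        status = "" if ip in fwd(name) else " UNVERIFIED"
        return f"{ip}[{name}{status}]"
    return IPV4.sub(repl, line)

# Constructed sample resolver data (documentation address ranges), so the
# logic can be exercised offline. The second PTR name is not confirmed by
# its forward record, as a misleading PTR would look.
SAMPLE_PTR = {"192.0.2.10": "host10.isp.example",
              "198.51.100.7": "mail.bank.example"}
SAMPLE_FWD = {"host10.isp.example": {"192.0.2.10"},
              "mail.bank.example": {"203.0.113.5"}}

if __name__ == "__main__":
    # Usage: doveadm who | python3 this_script.py
    for line in sys.stdin:
        sys.stdout.write(annotate(line))
```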