Hi, I would like to save every authentication IP address to a database. For IMAP and POP3 everything is working correctly, but I don't know how to configure a post-login script for SMTP AUTH.
Can you help me?
Regards, Jack
I use an access policy server which mostly does rate-limiting and also writes to a database. It's written in Perl. If all you want to do is to write some records for every connection then the script would be rather simple. You just need to put "check_policy_service unix:...." in the right place, presumably in smtpd_client_restrictions. I guess if you put it before permit_sasl_authenticated it would still have the auth details, due to delayed evaluation.
On 10/20/2017 04:50 PM, j.emerlik wrote:
On the other hand a postfix policy server can let you record a lot of detail about SMTP activity: messages sent, sender/recipient addresses, and client addresses of course.
I might be able to help with putting such a script together, time permitting :-)
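The policy-service approach described above, as an added example (not code from this thread or from any of the policy servers it mentions): a Postfix policy delegate that records the client address of every SASL-authenticated request and always answers DUNNO, so it never changes the mail decision. The SQLite file, the table name and the 127.0.0.1:10040 listener are assumptions; it would be referenced as check_policy_service inet:127.0.0.1:10040.

```python
import socketserver
import sqlite3
from datetime import datetime, timezone

DB_PATH, LISTEN = "smtp_auth.db", ("127.0.0.1", 10040)  # assumed values
# Constructed sample of one policy request (not a real capture).
SAMPLE_REQUEST = ["request=smtpd_access_policy", "protocol_state=RCPT",
                  "client_address=192.0.2.10", "sasl_method=PLAIN",
                  "sasl_username=jack@example.org", ""]

def parse_request(lines):
    """Collect name=value attributes up to the blank line that ends a request."""
    attrs = {}
    for line in lines:
        name, sep, value = line.rstrip("\r\n").partition("=")
        if not name:
            break
        if sep:
            attrs[name] = value
    return attrs

def open_db(path):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS smtp_auth (ts, username, method, client_ip)")
    return db

def record_auth(db, attrs):
    """Log SASL-authenticated requests only; the reply is always DUNNO."""
    user = attrs.get("sasl_username", "")
    if attrs.get("request") == "smtpd_access_policy" and user:
        # Bound parameters: the username is client-supplied text.
        db.execute("INSERT INTO smtp_auth VALUES (?, ?, ?, ?)",
                   (datetime.now(timezone.utc).isoformat(), user,
                    attrs.get("sasl_method", ""), attrs.get("client_address", "")))
        db.commit()
    return "action=DUNNO\n\n"

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        db, lines = open_db(DB_PATH), []
        for raw in self.rfile:          # Postfix may reuse the connection
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            lines.append(line)
            if not line:                # blank line: request complete
                self.wfile.write(record_auth(db, parse_request(lines)).encode())
                lines = []

if __name__ == "__main__":
    socketserver.ThreadingTCPServer(LISTEN, PolicyHandler).serve_forever()
```

With delayed evaluation the restriction is consulted at each RCPT TO, so one authenticated session can produce several rows; group by username and client_ip when only distinct logins matter.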
Which policy server are you using? One from this list: http://www.postfix.org/addon.html
2017-10-20 16:53 GMT+02:00 Gedalya <gedalya@gedalya.net>:
Dovecot auth supports auth_policy_server (v2.2.27+, https://wiki.dovecot.org/Authentication/Policy), which you could use for this. There is also https://github.com/PowerDNS/weakforced you can use as policy server, which can also do ratelimiting and such. It also integrates with postfix.
Aki
Aha. Looks pretty cool, and it's really nice that it supports HTTP. On the other hand if I'm rate limiting the number of messages sent = number of times a client said RCPT TO, I guess it still has to be a postfix policy server? Anyway, thanks for pointing this out, I'm sure I'll use it :-)
On 10/21/2017 02:16 PM, Aki Tuomi wrote:
On Saturday, 21 October 2017 15:44:52 CEST, Gedalya wrote:
Very interesting indeed; now I'm using a post-login script to track the IP of the clients, but I'll evaluate the policy as it seems cleaner.
For a simple policy server to use with postfix, you can check out my simple daemon:
https://github.com/SimoneLazzaris/polka
It's written in Go, very simple, efficient but effective. We're using it in production with zero issues.
Simone Lazzaris, Qcom S.p.A. simone.lazzaris@qcom.it | www.qcom.it
On 20-10-2017 at 15:46, j.emerlik wrote:
This is how I log the last time someone logged in:

  service imap {
    . . .
    executable = imap imap-postlogin
  }

  service imap-postlogin {
    executable = script-login /usr/local/bin/imap-wrapper.sh
    user = vmail
    unix_listener imap-postlogin {
    }
  }

And for pop3 users:

  service pop3 {
    . . .
    executable = pop3 pop3-postlogin
  }

  service pop3-postlogin {
    executable = script-login /usr/local/bin/pop3-wrapper.sh
    user = vmail
    unix_listener pop3-postlogin {
    }
  }

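Where imap_wrapper.sh is:

  #!/bin/sh
  # Record the login time as the mtime of a file named after the user.
  touch "/disk/mail/login/imap/$USER"
  touch "/disk/mail/login/$USER"
  # Hand control back to the IMAP process.
  exec "$@"

And for pop3_wrapper.sh:

  #!/bin/sh
  # Record the login time as the mtime of a file named after the user.
  touch "/disk/mail/login/pop3/$USER"
  touch "/disk/mail/login/$USER"
  # Hand control back to the POP3 process.
  exec "$@"

This gives me empty files in <path>/login, /login/imap and /login/pop3 with the username as filename. The timestamp of the file is the last login time.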
HTH Egbert Jan, NL
participants (5)
- Aki Tuomi
- Egbert
- Gedalya
- j.emerlik
- Simone Lazzaris