Daniel - 2005-08-20

Hi all.

Good news: here, finally, is the parser for Dovecot. Dovecot is the POP/IMAP server used by RHEL 4 and the like (CentOS also). It is very good and I recommend it.
If you could not log your IPs, and were using Dovecot 0.99 and sendmail 8.10 or higher, then no fix existed up to today, and this is the reason why it didn't work. As I also like poprelayd very much, I created this Dovecot compatibility today. I hope you will enjoy it, folks! However, I hope there are no bugs; this is my first Perl script hack. Please give any feedback on this.

To install, just replace the /etc/mail/poprelay.conf file with the following lines. You should be using the latest version of poprelayd. Restart poprelayd with 'service poprelay restart' and it should be working. You might have to adapt the first configuration lines if you are using something other than CentOS 4.

Kind regards,
Daniel

--------------------------------------------------------------

#This file is interpreted by perl
#you can do a quick syntax check by doing "perl poprelay.conf"

#=======================Standard configuration options=====================

# where POP3/IMAP daemon connections get logged
$logfile = "/var/log/maillog";

# Where we put our PID.  (dying output
# will be dumped here too)
$pidfile = "/var/run/poprelayd.pid";

# Sendmail map to update.
$dbfile = "/etc/mail/popip.db";

#Change this to match the type of db file sendmail needs
#Your perl must support that type of file as well
$dbtype = "DB_HASH";

# Minutes an entry lasts. (3000 = ~ 2 days)
# IMAP connections can last a very long time so I like to keep this long.
# The odds that someone will hop onto one of your valid user's old IP's and
# spam from it are so small I wouldn't worry about it.  I recommend making
# this long to avoid complications.
$timeout_minutes = 15;

# Number of seconds to sleep between checks
$log_wait_interval = 5;

#=======================Advanced configuration options=====================

#Alternate log line parsers:

#There can be only one log parser.
#the standard one should work for most systems.  The other
#ones may be slightly out of date.  I don't have any systems
#that run these servers so I can't update or test the routines.
#If you fix anything with them please let me know and I will
#roll the changes into the main version.
#
#$log_parser = \&log_parse_standard;
#$log_parser = \&log_parse_berkeley;
#$log_parser = \&log_parse_qpopper;
#$log_parser = \&log_parse_qpopper_old;
#$log_parser = \&log_parse_cucipop;
$log_parser = \&log_parse_custom;

#Custom log line parsing scripts:

#If you want to create your own log parsing routine, do it here in
#the config file so you can update the poprelayd without losing your
#custom parsing routine.  The routine below does the same thing as
#log_parse_standard.  It should be a good starting point for any
#customization.  It parses lines in many stages so it can be easily
#customized.  It will even do dns lookups of hostnames using
#gethostbyname if the program logs the hostname instead of the ip.
#
#If you get something working post it to the forums at
#http://sourceforge.net/projects/poprelay so the next guy doesn't have
#to go through the same headache.  I'll try and roll new routines into
#the main program so that poprelayd can work out of the box for all
#the log formats.

# Dovecot maillog parser:
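sub log_parse_custom ($) {
    my $line = $_[0];   # The log line passed in as the argument.
    my @paddrs;         # Packed IP addresses.
    my @addrs;          # ASCII addresses.
    my ($junk,$info,$string,$service,$ip,$host);
    # Syslog prefix (ending in the service name) and the first message field.
    ($info, $string)=split(/\: /,$line);
    ($service) = $info=~/(\S+)$/;
    $service=~s/\[\d+\]//;      # Strip a "[pid]" suffix if present.
    # Only successful logins reported by the login processes count.
    return () unless $service=~/^(pop2|pop3|imap)-login$/;
    return () unless $string=~/^(Login|Authenticated)/;
    # Client address as an IPv4-mapped IPv6 address: ...::ffff:a.b.c.d]
    ($ip) = $line=~/.*\:\:ffff\:(\d+\.\d+\.\d+\.\d+)\]/;
    if ($ip) {
        print "$service: $ip\n";
        return ($ip);
    } else {
        # No mapped address found: take the first token of the message as a
        # hostname and resolve it (the gethostbyname fallback described above).
        ($host) = $string=~/^(\S+)/;
        print "$service: $host\n";
        ($junk, $junk, $junk, $junk, @paddrs) = gethostbyname($host);
        while (@paddrs)  {
            push(@addrs, join('.', unpack('C4', shift(@paddrs))));
        }
        return (@addrs);
    }
}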

#leave this alone:
1;
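
A stricter variant of the parser above, run over sample lines, as an added example that is not part of the post or of poprelayd. Because every address the parser returns is allowed to relay, it drops the gethostbyname fallback, anchors the address at the end of the line and rejects out-of-range octets. The name parse_dovecot_login and the sample log lines are constructed, and the log format is assumed from the regexes in the posted routine.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Returns the client IPv4 address of a successful login, or an empty list.
# Never falls back to a DNS lookup of text taken from the log.
sub parse_dovecot_login {
    my ($line) = @_;
    # Split once on the first ": " so the message part stays whole.
    my ($info, $msg) = split(/: /, $line, 2);
    return () unless defined $msg;
    # Last token of the syslog prefix is the service, optionally with "[pid]".
    my ($service) = $info =~ /(\S+)$/;
    return () unless defined $service;
    $service =~ s/\[\d+\]$//;
    return () unless $service =~ /^(?:pop2|pop3|imap)-login$/;
    return () unless $msg =~ /^(?:Login|Authenticated)\b/;
    # The address must be the bracketed IPv4-mapped form ending the line.
    my ($ip) = $msg =~ /\[::ffff:(\d{1,3}(?:\.\d{1,3}){3})\]\s*$/;
    return () unless defined $ip;
    # Reject octets above 255 so junk never reaches the relay map.
    return () if grep { $_ > 255 } split(/\./, $ip);
    return ($ip);
}

# Constructed sample lines (not taken from a real server).
my @samples = (
    'Aug 20 10:01:02 mx pop3-login: Login: alice [::ffff:192.0.2.10]',
    'Aug 20 10:01:05 mx imap-login[2211]: Login: bob [::ffff:198.51.100.7]',
    'Aug 20 10:01:09 mx imap-login: Aborted login [::ffff:203.0.113.5]',
    'Aug 20 10:01:12 mx sendmail[99]: Login: x [::ffff:203.0.113.9]',
    'Aug 20 10:01:15 mx pop3-login: Login: carol [::ffff:999.1.1.1]',
);

# Print the accepted address, or "ignored", next to each line.
for my $line (@samples) {
    my @ips = parse_dovecot_login($line);
    printf "%-15s %s\n", (@ips ? $ips[0] : 'ignored'), $line;
}
```

Only the first two sample lines yield an address; the aborted login, the non-Dovecot service and the out-of-range address are ignored.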