On 2018-01-30 16:44, Ghislain Adnet wrote: > hi, > > We participated in some police enquiries about emails sent to > blackmail people and get the source IP. The ISP answered > that they use proxy systems and they requires IP+port to be able to > track the source. We just helped the case but it > sparkle the idea that i better start to log the tcp port as well on > my servers logs. > > > In postfix the IP is logged but not the TCP port. To be ahead in > future legal issues i wanted to know if there is a way > to : > > - add the TCP port to the log messages > - add the tcp port to a header in the mail (so it stick to it) > > > i did not find in the mailling list archive or the googlebrain or the > doc any way to do that. Perhaps a very simple > milter but i also did not find a logging milter (but they seems hard > to find those milters anyway). Any ideas or > experience doing that ? > > > best regards, > Ghislain.
I don't know why it is important to you to log the port number so if you could explain I would be grateful. You can deploy postscreen, which is a good idea anyway and you will have port numbers in the logs: Jan 30 17:12:09 mail postfix/postscreen[20169]: CONNECT from [2607:f8b0:4001:c0b::234]:38670 to [2a05:d018:76d:5af6:d050:9b30:6bf7:df98]:25 Jan 30 17:12:09 mail postfix/postscreen[20169]: WHITELISTED [2607:f8b0:4001:c0b::234]:38670 Jan 30 17:12:09 mail postfix/smtpd[20618]: connect from mail-it0-x234.google.com[2607:f8b0:4001:c0b::234] Jan 30 17:07:11 mail postfix/postscreen[20169]: CONNECT from [137.135.42.190]:1072 to [10.1.0.20]:25 Jan 30 17:07:11 mail postfix/postscreen[20169]: BLACKLISTED [137.135.42.190]:1072 Jan 30 17:07:11 mail postfix/postscreen[20169]: DISCONNECT [137.135.42.190]:1072 Jan 30 17:15:07 mail postfix/postscreen[20169]: CONNECT from [168.100.1.3]:45124 to [10.1.0.20]:25 Jan 30 17:15:07 mail postfix/postscreen[20169]: PASS OLD [168.100.1.3]:45124 Jan 30 17:15:07 mail postfix/smtpd[20618]: connect from camomile.cloud9.net[168.100.1.3] Which reminds me to whitelist 168.100.1.3. Karol -- Karol Augustin [email protected] http://karolaugustin.pl/ +353 85 775 5312
