* On 2005.04.27, in <[EMAIL PROTECTED]>,
* "Jeff A. Earickson" <[EMAIL PROTECTED]> wrote:
>
> No good. I would like the SSL sessions to say something like
> "SSL POP login" so I can start tracking who uses which. (I want
> to pull the plug on 110 unencrypted). Suggestions on how to do this?

We run qpopper from inetd under tcp_wrappers's tcpd, and use hosts.allow rules to specify how qpopper gets executed. There have been several reasons for not running it standalone, but one side benefit is the kind of logging you describe.

We have several POP service hostnames on the same machine, and use both ports 110 and 995. The hosts.allow lines we use instruct tcpd to run (for example) "pop-%H-110" or "pop-%H-995", depending on the port being serviced. Tcpd expands "%H" to the hostname being connected to, so in the filesystem we have links to the qpopper executable named "pop-<hostname>-110" and "pop-<hostname>-995", for each hostname offering POP service. Since these executable links become the argv[0] for qpopper, that's what shows in the syslog.

If this needs further explanation I can make up some examples. Our actual configuration is much more complicated than that, so a copy-paste isn't really going to be helpful.

-- 
 -D. [EMAIL PROTECTED] NSIT University of Chicago
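
Added example, not part of the original message or of anyone's real configuration: once the syslog tag carries "pop-<hostname>-110" or "pop-<hostname>-995" as described above, a short script can tally which accounts still log in over unencrypted port 110. The log lines are constructed, and the `user "<name>"` message text is an assumed format, not qpopper's documented output.

```python
import re
from collections import defaultdict

# Syslog tag from the argv[0] naming scheme in the message above:
# pop-<hostname>-110 or pop-<hostname>-995, then "[pid]:".
TAG = re.compile(r"\bpop-(?P<host>\S+)-(?P<port>110|995)\[\d+\]:\s*(?P<msg>.*)")
# ASSUMPTION: the login message names the account as user "<name>".
# Change this pattern to match what your qpopper build really logs.
USER = re.compile(r'user "(?P<user>[^"]+)"')

def tally(lines):
    """Return {user: {"110": n, "995": n}} counted from login lines."""
    counts = defaultdict(lambda: {"110": 0, "995": 0})
    for line in lines:
        tag = TAG.search(line)
        if not tag:
            continue  # not one of the pop-<hostname>-<port> links
        user = USER.search(tag.group("msg"))
        if user:
            counts[user.group("user")][tag.group("port")] += 1
    return dict(counts)

def cleartext_users(counts):
    """Users seen at least once on unencrypted port 110."""
    return sorted(u for u, c in counts.items() if c["110"])

def cleartext_only(counts):
    """Users never seen on 995: they break when 110 is switched off."""
    return sorted(u for u, c in counts.items() if c["110"] and not c["995"])

# Constructed sample lines (hostnames, users and message text are made up).
SAMPLE = """\
Apr 27 09:00:01 mailhost pop-pop.example.edu-110[2101]: login by user "alice" from 192.0.2.10
Apr 27 09:05:12 mailhost pop-pop.example.edu-995[2107]: login by user "alice" from 192.0.2.10
Apr 27 09:06:40 mailhost pop-pop-2.example.edu-995[2110]: login by user "bob" from 192.0.2.22
Apr 27 09:07:03 mailhost pop-pop.example.edu-110[2113]: login by user "carol" from 198.51.100.7
Apr 27 09:07:55 mailhost sshd[2115]: Accepted publickey for dave from 192.0.2.30
Apr 27 09:09:30 mailhost pop-pop-2.example.edu-110[2120]: login by user "carol" from 198.51.100.7
Apr 27 09:09:31 mailhost pop-pop-2.example.edu-110[2120]: connection closed
"""

if __name__ == "__main__":
    counts = tally(SAMPLE.splitlines())
    for user in sorted(counts):
        print(user, counts[user])
    print("still on 110:", cleartext_users(counts))
    print("110 only:", cleartext_only(counts))
```

The "110 only" list is the set of accounts to contact before closing port 110; users who appear on both ports have at least one client already configured for SSL.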