Re: logging smtp connections
Hi,

Thanks for your reply.

The problem is that I do not have access to the real MTA, because it is managed by another group. So, somehow I need to do this in the firewall/bridge. One way I thought of was patching the ipfreely TCP proxy to extract these fields (from, to, subject) of the SMTP dialogue.

But I was hoping that relayd could be used as an SMTP proxy and had some logging facilities that allowed me to get this info. Something like:

check send ... expect

Regards,
Robson

All I have access to is the firewall.

- Original Message -
From: Brian A. Seklecki
To: Robson Caetano
Cc: misc@openbsd.org
Subject: Re: logging smtp connections
Date: Fri, 08 May 2009 14:18:31 -0400

On Sat, 2009-05-02 at 05:06 -0500, Robson Caetano wrote:
> Hi
> I would like to log From:, To: and Subject: fields of every SMTP connection to my internal SMTP server that is passed by the openbsd firewall.

You're better off doing that within your MTA. Courier has a Big Brother feature:

etc/courier/courierd:# ARCHIVEDIR=/usr/lib/courier/bigbrother

~BAS
Re: logging smtp connections
On Sat, May 9, 2009 at 3:56 AM, Robson Caetano inet1...@myself.com wrote:
> The problem is that I do not have access to the real MTA, because it is managed by another group.

Umm, why isn't that group being asked to do this sort of logging? I know, it's a crazy thought, asking the email specialists to do email-specific things...

> So, somehow I need to do this in the firewall/bridge. One way I thought of was patching the ipfreely TCP proxy to extract these fields (from, to, subject) of the SMTP dialogue.

You should look at using a real application-layer proxy to do this, as it has to understand the SMTP state transitions. I have a vague memory of there being such a proxy in the (ancient) Firewall Toolkit, but I never had a need for such a thing. Having that act as a transparent proxy (i.e., letting the internal MTA see the external host's IP address and TCP port) would probably require additional hacking, but maybe they don't care about that, given that they're unwilling or unable to assist in this project.

(If your requirements are that this be done without the mail group being able to tell, then you *really* should have mentioned that to begin with, because it places significant bounds on the solution and we could have gotten to the haha, good luck! point much sooner)

> But I was hoping that relayd could be used as an SMTP proxy and had some logging facilities that allowed me to get this info. Something like: check send ... expect

And what, just log the contents of all lines that begin with From: or Subject: or MAIL FROM: and thus have false matches for all of the above lines? Or were you going to try to build an SMTP state machine in expect-style rules?

Philip Guenther
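
Added example, not part of the thread and not code from relayd or any poster: a minimal SMTP state tracker showing why the state transitions matter for this kind of logging, since lookalike lines in the message body are never inspected. The names log_smtp and SAMPLE and the (direction, line) input format are hypothetical; it assumes a proxy in the path has already reassembled the TCP stream into lines.

```python
import re

# Envelope commands carry the address in angle brackets (RFC 5321).
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)
WANTED = {"from", "to", "subject"}

def log_smtp(session):
    """session: (direction, line) pairs, 'C' client / 'S' server, CRLF stripped."""
    records, rec, state, last = [], None, "COMMAND", None
    for direction, line in session:
        if direction == "S":
            if state == "WAIT_354":  # DATA phase starts only if the server agrees
                state = "HEADERS" if line.startswith("354") else "COMMAND"
        elif state == "COMMAND":
            m = ENVELOPE.match(line)
            if m and m.group(1).upper() == "MAIL FROM":
                rec = {"mail_from": m.group(2), "rcpt_to": [], "headers": {}}
            elif m and rec:
                rec["rcpt_to"].append(m.group(2))
            elif line.strip().upper() == "DATA" and rec:
                state, last = "WAIT_354", None
        elif state in ("HEADERS", "BODY") and line == ".":
            records.append(rec)  # a lone dot ends the message
            rec, state = None, "COMMAND"
        elif state == "HEADERS":
            if line == "":  # blank line ends the header block
                state = "BODY"
            elif line[0] in " \t" and last:  # folded continuation line
                rec["headers"][last] += " " + line.strip()
            else:
                name, _, value = line.partition(":")
                last = name.lower() if name.lower() in WANTED else None
                if last:
                    rec["headers"][last] = value.strip()
    return records  # lines seen in BODY state are never inspected

# Constructed session; the body holds lines that a plain prefix match would log.
SAMPLE = [
    ("C", "MAIL FROM:<alice@example.net>"), ("S", "250 OK"),
    ("C", "RCPT TO:<bob@example.org>"), ("S", "250 OK"),
    ("C", "DATA"), ("S", "354 go ahead"),
    ("C", "From: Alice <alice@example.net>"),
    ("C", "Subject: quarterly"), ("C", " report"),
    ("C", ""),
    ("C", "Subject: not a header"), ("C", "MAIL FROM:<spoof@example.com>"),
    ("C", "."), ("C", "QUIT"),
]
```
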
Re: logging smtp connections
On Sat, 2009-05-02 at 05:06 -0500, Robson Caetano wrote:
> Hi
> I would like to log From:, To: and Subject: fields of every SMTP connection to my internal SMTP server that is passed by the openbsd firewall.

You're better off doing that within your MTA. Courier has a Big Brother feature:

etc/courier/courierd:# ARCHIVEDIR=/usr/lib/courier/bigbrother

~BAS
Re: logging smtp connections
Hi again,

What I need is some way of knowing more about the connections going through to the real MTA, which I do not have access to. I already have spamd running on the OpenBSD firewall but once a host is whitelisted, the ruleset makes no redirection to spamd and the connections go to the real MTA instead. But I would like to be able to know at least the IP, from:, to: and subject of these connections.

So I thought maybe relayd has some logging features that might allow me to extract this info out of the connections. But I have not enough knowledge for that yet. Logging all packets of the SMTP connections via PF would probably be too much, and I don't know if it could help me.

Thanks for any suggestions.

Regards,
Robson Caetano
logging smtp connections
Hi

I would like to log From:, To: and Subject: fields of every SMTP connection to my internal SMTP server that is passed by the openbsd firewall. Could I use relayd in the firewall for that? Has anyone done something similar?

Thanks for any help.

Regards,
Robson Caetano