If you want username/password logging (including failed logins, with
the bad password), Paul Gregg's implementation of checkpoppasswd does
this. Obviously once they're logged in, it's under control of pop3d,
so you won't get any thing beyond user and pass. Note that logging
bad passwords could be considered a security risk.
Here's an example, 1 succeed and 1 fail:
Nov 17 15:21:03 mail0 checkpoppasswd: POP3 connect from
unknown@localhost [127.0.0.1]
Nov 17 15:21:03 mail0 checkpoppasswd: pop3checkpasswd: POP3 user
jsmith : /var/qmail/popboxes/vcnet-/jsmith logged in from
unknown@localhost [127.0.0.1]
Nov 17 16:12:17 mail0 checkpoppasswd: POP3 connect from
unknown@localhost [127.0.0.1]
Nov 17 16:12:17 mail0 checkpoppasswd: pop3checkpasswd: FAILED: jsmith
[jsmith] - password incorrect (bad_pass_here) from unknown@localhost
[127.0.0.1]
Find it at:
http://www.tibus.net/pgregg/projects/
jon
At 11:00 AM +1100 11/18/99, Marc-Adrian Napoli wrote:
>Hi all,
>
>Regarding pop-3d.
>
>> Yea but the original post wanted to record cmd's, kinda like tcpservers -v
>> option. Sure you can sniff and dump etc, but nothing built in (aka fool
>> proof).
>
>I asked this question a while back, and found out that there is no way. :(
>
>tcpserver -v won't give you anything useful when running pop-3d. Therefore
>piping the output through splogger (and consequently syslog) gives you
>nothing, i am logging mail.* in syslog and get nothing. (i've tried!)
>
>The only way is for someone to edit some source code of pop-3d to spit out
>some info. (Or as mentioned, use tcpdump for this sort of thing.. but this
>will most definitely not giev useful information about incorrect passwords
>etc).
>
>Anyone already done this?
>
>Regards,
>
>Marc-Adrian Napoli
>Connect Infobahn Australia
>+61 2 92811750
