Prashant Desai wrote >hello list > i am running qmail-smtpd under tcpserver, i am using multilog prog for >logging and maintaining qmail logs, but i desperately needs to log Ip >addresses for spam detection , we are running an ISP we need to findout >the guy/customer who is sending lot of junk mails by relating IP >address/time in qmail-smtpd logs with the radius logs , >i think this is the only way by which i can find out who is sending junk >mails from out mail servers I am using standard syslog, and this is my startup line for qmail : /usr/local/bin/tcpserver -R -H -x/etc/tcp.smtp.cdb -v -u 7770 -g 2108 0 smtp /var/qmail/bin/tcp-env /usr/sbin/relaylock /var/qmail/bin/qmail-smtpd >> /var/log/maillog 2>&1 & on one line. I am using relaylock, but you can throw away all of this staff, except for the ending >> /var/log/maillog 2>&1 this is what maked tcpserver put all logs to the main maillog, so the tcp requests are interleaved with the qmail log lines, and you see the ip addresses : this is the result in my maillog : tcpserver: status: 2/40 tcpserver: pid 15544 from 192.168.5.52 tcpserver: ok 15544 mail.fool.com:212.179.48.82:25 :192.168.5.52::3257 Jan 1 14:46:16 mail qmail: 978353176.564144 new msg 16685 Jan 1 14:46:16 mail qmail: 978353176.564284 info msg 16685: bytes 874 from <[EMAIL PROTECTED]> qp 15546 uid 7770 Jan 1 14:46:16 mail qmail: 978353176.575647 starting delivery 916: msg 16685 to local [EMAIL PROTECTED] Jan 1 14:46:16 mail qmail: 978353176.575727 status: local 1/10 remote 1/20 Jan 1 14:46:16 mail qmail: 978353176.575779 starting delivery 917: msg 16685 to remote [EMAIL PROTECTED] Jan 1 14:46:16 mail qmail: 978353176.575824 status: local 1/10 remote 2/20 tcpserver: end 15544 status 0 tcpserver: status: 1/40 Jan 1 14:46:16 mail qmail: 978353176.670452 delivery 916: success: did_1+0+0/ Jan 1 14:46:16 mail qmail: 978353176.670555 status: local 0/10 remote 2/20 Hope that it helpes.
