In response to Matts suggestion of doing the logging in a deny hook, i just
created a 'denylog' plugin, which can be configured for which plugins a deny
should be logged and with which loglevel. It can also help catching your own
users doing abuse (see below).

You can find the plugin here: 
http://qpsmtpd.kju.de/qpsmtpd/created_by_me/denylog/denylog.README

Example logfile entry:

Sep 19 15:55:59 zeus qpsmtpd: 17855 Rejected a mail:
Sep 19 15:55:59 zeus qpsmtpd: ===========================================
Sep 19 15:55:59 zeus qpsmtpd: mail from:    <[EMAIL PROTECTED]>
Sep 19 15:55:59 zeus qpsmtpd: rcpt to:      <[EMAIL PROTECTED]>
Sep 19 15:55:59 zeus qpsmtpd: mail size:    17726 bytes
Sep 19 15:55:59 zeus qpsmtpd: tcp client:   mir.nadeshda.org [217.160.208.52]
Sep 19 15:55:59 zeus qpsmtpd: relay client: yes
Sep 19 15:55:59 zeus qpsmtpd: authmethod:   pop-before-smtp
Sep 19 15:55:59 zeus qpsmtpd: client user:  0815test
Sep 19 15:55:59 zeus qpsmtpd: denied by:    virus::clamav
Sep 19 15:55:59 zeus qpsmtpd: denial code:  901
Sep 19 15:55:59 zeus qpsmtpd: denial text:  Virus Found: Worm.Bagle.Gen-1
Sep 19 15:55:59 zeus qpsmtpd: ===========================================


This may seem a bit bulky, but i like to have all relevant information
logged. You can see another use for this plugin in this example: As this
example states, my own user with the userid '0815test' tried to deliver
a Worm Mail through me. I could probably automatically detect such
situations and send my customer a warning that he should check his system.
Also will this log users sending mails which trigger the spam threshold
etc.


-kju

-- 
      It's an insane world, but i'm proud to be a part of it. -- Bill Hicks

Reply via email to