Hi there,

You can configure vpopmail logging (compile time only, as far as I
know), which then will show you various information depending on the
level you have chosen.


On Wed, 2007-02-21 at 16:56 -0600, Max Esquivel wrote:

> Hi all.  Im not sure this is the right ML so if it is not I apologize  
> and please point me in the right direction.  Thanks!
> I have a qmail server (qmail, vpopmail-no mysql).  I have ssome 500  
> client email accounts distributed over some 30 domain names.  Im  
> having serious SPAM problems in the sense that some spammer is using  
> legit username/pw combinatioss to authenticate and send his/her   
> garbage.  I cant , for the life of me, determine which accounts are  
> suspect or are compromised.  On my system, mail.log (/var/log/mail/ 
> log) provides good info for pop and spamd activity, showing what user  
> a pop connection is opened and closed for like so:
> Feb 21 14:48:57 sjo pop3d: Connection, ip=[::ffff:]
> Feb 21 14:48:57 sjo pop3d: LOGIN, [EMAIL PROTECTED], ip= 
> [::ffff:]
> Feb 21 14:48:57 sjo pop3d: LOGOUT, [EMAIL PROTECTED], ip= 
> [::ffff:], top=0, retr=0, rcvd=12, sent=39, time=0
> Since I am interested in smtp though, I look at /var/log/qmail/smtpd/ 
> current and find that the info only tells me the connecting IP,  
> target IP and stasus info:
> @4000000045dccd01188edb8c tcpserver: pid 4555 from
> @4000000045dccd01188ffc9c tcpserver: ok 4555 sjo.sinapsisglobal.com: 
> :
> @4000000045dccd020d221944 tcpserver: end 4551 status 0
> @4000000045dccd020d2228e4 tcpserver: status: 12/120
> @4000000045dccd021e11902c tcpserver: end 4555 status 256
> Is there any way to configure the smtp log to show which account is  
> being logged in or auth'ed to send, sort of like what the pop log shows?
> Any help will be immensely appreciated.
> Max

Reply via email to