Log IPs of IMAP connections (attempts)
Valentin Laskov
laskov at festa.bg
Tue Feb 25 14:08:51 CET 2020
Hello,
On 24.02.2020 at 22:32, sruli s wrote:
> Thanks for that, the original question however remains, how can I get
> the original IP's for bad logins / non-existing accounts?
If you decide to stop and disable guam, the steps must be (untested!)
as follows:
1. In /etc/cyrus.conf , section SERVICES add new line
imap cmd="imapd" listen="imap" prefork=5
and change line
imaps cmd="imapd -s" listen="127.0.0.1:9993" prefork=5
to
imaps cmd="imapd -s" listen="imaps" prefork=5
2. Execute (in CentOS 7) as root
# systemctl stop guam.service
# systemctl restart cyrus-imapd.service
3. Make some tests with mail clients
4. If all is OK and you like the result, execute
# systemctl disable guam.service
# systemctl mask guam.service
If you do not like it, restore /etc/cyrus.conf and restart services above.
5. Optional: if you want to move imapd log messages to /var/log/imapd.log,
add in /etc/imapd.conf
syslog_facility: LOCAL6
add in /etc/rsyslog.conf
# Save Cyrus IMAP messages
local6.* /var/log/imapd.log
and execute
# systemctl restart rsyslog.service
# systemctl restart cyrus-imapd.service
Check content of /var/log/imapd.log
Check the existence of /etc/logrotate.d/cyrus-imapd. This is the one on my
system, where I added compression:
/var/log/imapd.log /var/log/auth.log {
    missingok
    compress
    delaycompress
    compresscmd /bin/bzip2
    compressoptions -9
    compressext .bz2
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
I hope we are ready :)
Regards
V. Laskov