Maex qmail

qmail-pop3d logging addon


note: Mattias Pålsson has a solution to log user logins without patching qmail-pop3d. Take a look at simple logging wrapper for qmail-pop3d. This page is no longer available.
If you only need user logging and want to keep your sources clean you may try the following:
Create a shell script /var/qmail/bin/qmail-pop3d-wrapper.sh:
#!/bin/sh
echo "qmail-pop3d: user $USER logged in from $TCPREMOTEIP:$TCPREMOTEPORT" >&5
$@
and then modify the startup script (probably /service/qmail-pop3d/run) like that:
exec /usr/bin/softlimit -m 3000000 \
  /usr/bin/tcpserver -v -R -H -l FQDN 0 110 \
   /var/qmail/bin/qmail-popup FQDN /bin/checkpassword \
    /var/qmail/bin/qmail-pop3d-wrapper.sh /var/qmail/bin/qmail-pop3d Maildir 2>&1 5>&1

this patch against a vanilla qmail-1.03 adds logging capabilities to the qmail POP3 daemon.
The patch is "shielded" by the #define __mLOGGING at the top of qmail-pop3d.c. Undefining it disables the modification.

format:
    acct: pid pid: remote_host:remote_ip:remote_info:remote_port user login
    acct: pid pid: remote_host:remote_ip:remote_info:remote_port user logout bytes bytes transferred

example:
    acct: pid 91398: desktop.example.com:10.0.0.1::12345 maex@example.com login
    acct: pid 91398: desktop.example.com:10.0.0.1::12345 maex@example.com logout 535502 bytes transferred

If remote_host cannot be determined from the TCPREMOTEHOST environment variable it is set to unknown.
If remote_info cannot be determined from the TCPREMOTEINFO environment variable it is set to to an empty string (see example above).
The user info is taken from the USER environment variable (which should be properly set by the checkpassword program.

The accounting information is output on filedescriptor 5, so you have to add a 5>&1 (probably in addition to the 2>&1 already there) to the end of the qmail-pop3d command to get the data into a logfile (FD 2 is used in communication between qmail-popup and checkpassword and is not available for logging in qmail-pop3d).

Bytes are summarized in the blast() function, so no command transfers are accounted but only data retrieved via the RETR or TOP commands.

  • If you are using qmail+vpopmail you need the second patch, as vpopmail uses for virtual domains the environment variable VPOPUSER.
    Thanks to Koen de Boeve for finding this out.
  • 20060406: There was a bug in the patches that only occured if there doesn't exist a Maildir for the user that signed on, causing qmail-pop3d to crash.
    Thanks to Thanos Massias for finding this out.
download:

Back to my qmail page.

Copyright © 1997-2009 Markus 'Maex' Stumpf · created: Fri Apr 19 00:47:55 CEST 2002 · last modified: Sat Apr 11 03:09:30 CEST 2009