Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Qmail: users

qmail-smtpd => missing link => qmail-send

  

 
Qmail users RSS feed   Index | Next | Previous | View Threaded


coyote at inc

Nov 10, 2009, 3:20 PM

Post #1 of 4 (1900 views)
Permalink
qmail-smtpd => missing link => qmail-send
Hi folks,

I am using qmail with tcpserver/multilog. I need to keep record from
every mail, witch comes-in or out.
I have to gather these info-s from every delivery:

message_received_time
src_IP
to_address
from_address
action (success, delivered to, ....)
size

I have everything, but src_IP. It is located in qmail-smtpd log. I cant
find link between send and smtpd programs.
I understand, that qmail-smtpd after succeeds, passing the mail to
qmail-queue.
The qmail-queue PID gets recorded in qmail-send. And thats it. I don't
know wich process called the qmail-queue form the logs.

-It is possible to log into qmail-smtpd the qmail-queue PID wich was
created? (I know sounds wierd...)
-Maye log in qmail-send the originating qmail-smtpd PID, wich called
qmail-queue? (little better, but wierd also..)
-Log sender IP into qmail-send. (This could be prefered, maybe workable...)

Is there a solution for this? (from the logs?)

There is only two link between them, but these are not precise. One is
the TO address (extra info in qmail-smtpd, comes from validrcptto), wich
is in qmail-send and qmail-smtpd, and the other is time, when the log
entry was created. It is hard to make an accurate script from these for
this harvesting.


Regards,

Peter, Szekeres


bruce at untroubled

Nov 10, 2009, 3:53 PM

Post #2 of 4 (1771 views)
Permalink
Re: qmail-smtpd => missing link => qmail-send [In reply to]
On Wed, Nov 11, 2009 at 12:20:39AM +0100, CoyoteTM-INC-Szeki wrote:
> I have everything, but src_IP. It is located in qmail-smtpd log. I cant
> find link between send and smtpd programs.
> I understand, that qmail-smtpd after succeeds, passing the mail to
> qmail-queue.
> The qmail-queue PID gets recorded in qmail-send. And thats it. I don't
> know wich process called the qmail-queue form the logs.

You can't find a missing link because there isn't one. qmail-smtpd
invokes qmail-queue directly, since qmail-queue is the mechanism that
inserts new messages into the queue.

> -It is possible to log into qmail-smtpd the qmail-queue PID wich was
> created? (I know sounds wierd...)

Easily, and not very weird. I do it in mailfront. Add code to dump the
accept_buf to stderr in acceptmessage() in qmail-smtpd.c

> -Maye log in qmail-send the originating qmail-smtpd PID, wich called
> qmail-queue? (little better, but wierd also..)
> -Log sender IP into qmail-send. (This could be prefered, maybe workable...)

Hard to do, and probably even harder to do securely, since the only
information qmail-send would have about IP addresses would come from
parsing the Received: headers. Finding out the qmail-smtpd PID would be
even harder, since qmail-smtpd doesn't record it anywhere.

--
Bruce Guenter <bruce [at] untroubled> http://untroubled.org/
I do custom software development. Email me for details.


coyote at inc

Nov 26, 2009, 5:31 AM

Post #3 of 4 (1583 views)
Permalink
Re: qmail-smtpd => missing link => qmail-send [In reply to]
If you send a message to a qmail server, and you are successful, than
you will se:

ok_250_XXXXXXXXX_qp_12331 <= and this is the queue-pid number, what is
comes up in the qmail-send logs.

If I make a connection to an qmail smtpd szerver, than I communicate
with the qmail-smtpd program, and this program sends back to me the answers.

From this, It seems to me, that qmail-smtpd sees the queue PID, which
can be the missing link. Only what we have to do, to somehow log this
into the qmail-smtpd log. (whitout mailforont, still don't like the idea)

This is right or not?

Peter, Szekeres

Bruce Guenter írta:
> On Wed, Nov 11, 2009 at 06:43:45PM +0100, CoyoteTM-INC-Szeki wrote:
>>> Easily, and not very weird. I do it in mailfront. Add code to dump the
>>> accept_buf to stderr in acceptmessage() in qmail-smtpd.c
>> So it is possible to get the qmail-queue pid info at the stage, when
>> qmail-smtpd fires it up.
>
> Certainly. It's the "qp" variable in smtp_data.
>
>> As I have read and understand so far, mailfront replaces qmail-smtpd,
>> which idea I fear of. (or makes a new frontend for qmail-smtpd?)
>
> mailfront replaces qmail-smtpd, yes, as well as qmail-qmqpd and
> qmail-qmtpd, and qmail-popup and qmail-pop3d.
>
>> Is it a hard work to modify qmail-smtpd.c to log that info? (without
>> mailfront)
>
> Yes. In acceptmessage, after each "out" call, add something like:
>
> write(2,X,str_len(X));
>
> where "X" is the parameter to out. Alternately, you could modify the
> out function to write to stderr as well, possibly with another substdio
> buffer. This will let you see all SMTP responses, for good and bad (can
> result in log spam).
>
> PS. this should go back to the qmail mailing list.
>


kyle-qmail at memoryhole

Nov 30, 2009, 7:43 AM

Post #4 of 4 (1571 views)
Permalink
Re: qmail-smtpd => missing link => qmail-send [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thursday, November 26 at 02:31 PM, quoth CoyoteTM-INC-Szeki:
> If you send a message to a qmail server, and you are successful, than
> you will se:
>
> ok_250_XXXXXXXXX_qp_12331 <= and this is the queue-pid number, what is
> comes up in the qmail-send logs.

Indeed.

> From this, It seems to me, that qmail-smtpd sees the queue PID,
> which can be the missing link.

Of course.

> Only what we have to do, to somehow log this into the qmail-smtpd
> log. (whitout mailforont, still don't like the idea)

Well, qmail-smtpd normally doesn't log *anything*, as you know (the
smtpd logs are just filled with tcpserver-generated entries). To get
it to log things, you have to edit the qmail-smtpd source. There are a
few qmail-smtpd logging patches out there, including my own (though
mine doesn't include the qp in the log entry at the moment). Find one
and apply it.

~Kyle
- --
Coffee is the common man's gold, and like gold, it brings to every
person the feeling of luxury and nobility.
-- Sheik Abd-al-Kadir
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iQIcBAEBCAAGBQJLE+gtAAoJECuveozR/AWeZL8P/0aUwbBPk1hgKlVC0v09dgTj
WBkd9d/caYHXqrwzrITeFrqV1Q1ws8JGP0AUNsb6JjbLY72xieQUHYdWyZoheEIA
UDJWeLDGIPf3AoxwkAIqKYyzwtMmcGTltuzytJJGIzSnOY1gjupwcTv3CZJTbwyn
qpJZo8oj+nnJrMx8Mavbwa53eWZUE0hZlfaWWiqS8sHXoYsmSGwXwUalFc+eqFgE
1TgNTVlIQrZtJttj12ImX/LJ9gmJ4oJg97rB1bgfIqu8ZE4yvQ0fr2aVfyZkKQ36
bJfAMv9/xbIM/6n9Nk6tZMzI0/gtW6ZriUng0zfcifsD0r7BP9eeVE0UUOv57A/Q
sxsiIefZ7sJX0N0GZhDW3mL4Kn/fGM/oKmpZ4zNQREgx0UbUvMkzWh8H/Xn3lTAG
crCV2T+DdS5ptRHoRBnc/vMkWtmnsMR/3fvV43uv/vj5NLY9VKXGGGFQMczUUqZ5
dmMQkJKOISlG6aicmtVwbvqaRnPmCcgqFHnSzXTrTyjfLICPckl6UeqRAWIe6Efr
pGX+0LBOY+5f17GUn0ZbQkrkCRIPR3BynPFrMllV0P9icgv/TJw0dIzWheqBbPor
9+VqmPre51v/IJxin2+nUQkByXzZ5vRLjFbThurbTGOvPiqV30xdqHBhd/s6APr3
cciQckxPtGuErbDQL+Bm
=OdZA
-----END PGP SIGNATURE-----

Qmail users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.