On Tue, Nov 3, 2009 at 1:08 PM, Andrew Daviel <advax@xxxxxxxxx> wrote:
>
> We have been having problems with compromised accounts used for spamming,
> and I needed to track user logins against client ip address.
>
> The remote address turns up in the Message-ID, e.g.
> <port>.<ipv4a.b.c.d>.nnnn.squirrel...
> and in Apache access_log, but those don't give the username.
> imapd syslog gives the username, but lists 127.0.0.1 as the address.
> Correlating timestamps was painful, so I hacked squirrelmail.
>
> I'm sure there's a better, more elegant way, probably already done by
> someone - maybe "Squirrel Logger" plugin which I hadn't found
Yep, that's the one you want that does what you're trying to do in a
much better way. You also want Restrict Senders and maybe Lockout
and/or CAPTCHA
> when I
> wrote this. But for what it's worth:
>
> patch aginst squirrelmail-1.4.8-5.el4 (Latest RedHat Enterprise 4
> package) - generates a simple greppable file of logins and logouts :
>
>
> --- /usr/share/squirrelmail/src/redirect.php.orig 2009-01-20
> 21:21:31.000000000 -0800
> +++ /usr/share/squirrelmail/src/redirect.php 2009-10-23
> 16:56:03.000000000 -0700
> @@ -99,7 +99,11 @@
> sqsession_register ($username, 'username');
> sqsetcookie('key', $key, 0, $base_uri);
> do_hook ('login_verified');
> -
> + if ($logfile = fopen('/var/log/squirrelmail/session.log','a+') ) {
> + $logline = date('Y-m-d H:i:s ') . $_SERVER['REMOTE_ADDR'] . ' login ' . $username . "\n";
> + fputs($logfile, $logline, strlen($logline) );
> + fclose($logfile);
> + }
> }
>
> /* Set the login variables. */
> --- /usr/share/squirrelmail/src/signout.php.orig 2006-07-30
> 12:37:38.000000000 -0700
> +++ /usr/share/squirrelmail/src/signout.php 2009-10-23
> 18:10:51.000000000 -0700
> @@ -43,6 +43,11 @@
> }
>
> do_hook('logout');
> +if ($logfile = fopen('/var/log/squirrelmail/session.log','a+') ) {
> + $logline = date('Y-m-d H:i:s ') . $_SERVER['REMOTE_ADDR'] . ' logout ' . $username . "\n";
> + fputs($logfile, $logline, strlen($logline) );
> + fclose($logfile);
> +}
>
> sqsession_destroy();
>
> ---------------------
> /var/log/squirrelmail needs to exist, writable by apache
> (PHP is not my choice of scripting language, so this is way crude ...)
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
