[Mimedefang] Access to sendmail marco client_addr
Benoit Panizzon
benoit.panizzon at imp.ch
Mon May 5 06:19:23 EDT 2014
Hello
We use MIMEdefang in conjunction with postfix.
Postfix does not set a macro if_addr. According to the Postfix Milter
documentation, all milters should use client_addr instead.
According to the MIMEDefang documentation, read_commands_file would populate
if_addr but does not populate client_addr.
Is there a way to tell MIMEDefang to also pull client_addr?
Of could someone tell me a better solution for that situation?
We keep a history of the users which authenticated via smtp during the last
hour and look at how many ip addresses are involved. If the number of
different ip addresses is over a thereshold, we disable the user because of
suspected phished password.
Now we also have users using our webmail. The webmail uses the users
credential for smtp auth, but comes from one specific IP address. We don't
notice if a botnet starts abusing our webmail. But the webmail adds an extra
header telling the IP of the HTTP client.
I would like to do something like this in filter_begin:
read_commands_file;
if ($SendmailMacros{client_addr} eq $webmailip) {
open(./HEADERS);
look for the IP that sent that email via HTTP;
insert into LoginHistory (tstamp, auth_user, HTTP_ip);
}
Wo how can I access the client_ip from within filter_begin?
Mit freundlichen Grüssen
Benoit Panizzon
--
I m p r o W a r e A G -
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 07
CH-4133 Pratteln Fax +41 61 826 93 02
Schweiz Web http://www.imp.ch
______________________________________________________
More information about the MIMEDefang
mailing list