Logging IP address in error logs
Martin Schmid
scm at aps-systems.ch
Thu Jan 19 17:19:08 CET 2017
Dusan, this may be true for some messages of a normal sequence.
I currently have log_level=5 and I cannot directly extract the IP from
the error line, e.g. 'ESMTP: notice: client broke the connection without a
QUIT ()'.
The IP may be there somewhere else but this is not suitable for fail2ban.
Of course, I can write my own version of fail2ban ...!?
On 19.01.2017 at 17:04, Dusan Obradovic wrote:
>
>> On Jan 19, 2017, at 16:55, Martin Schmid <scm at aps-systems.ch> wrote:
>>
>> I accidentally didn't reply to the list before, so here's a little summary:
>>
>> In general, my setup is working flawlessly with amavis as frontend
>> and xmail as backend server.
>> Since amavis behaves as a kind of proxy, it also sends the error
>> status codes from the real SMTP server to the client while connected.
>> There may be disadvantages exposing amavis but I'm pretty satisfied so
>> far.
>>
>> My goal would be to use fail2ban to automatically lock out IP
>> addresses that cause some errors such as dropping sessions without quit.
>> To accomplish this I would need to find the offending IP in the log.
>> That's all I'm after.
>>
>> It seems that there is no option covering this. It seems that I have
>> to patch the script.
>
> Martin, the option you are looking for is $log_level, you need to
> increase amavisd verbosity to log all the information during the SMTP
> transaction.
>
> At $log_level = 2, amavisd would log the connected smtp client ip address.
--
Martin Schmid
APS systems AG, Neumatt 4, CH-4626 Niederbuchsiten
Tel direkt: +41 62 389 8891, Fax: +41 62 389 8880, Tel: +41 62 389 8888
www.aps-systems.ch