Facebook
TwitterHello
When an user log into webmail (horde or roundcube), the maillog not recover the exact data, it appear something like this :
Jan 16 10:39:58 020 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=8609, TLS, session=<CyrAmz6crLIAAAAAAAAAAAAAAAAAAAAB>
Jan 16 10:39:58 020 dovecot: service=imap, [email protected], ip=[::1]. Logged out rcvd=82, sent=788
So no information about the remote ip.
If we use roundcube, this info is logged in other file with real ip (well, not exactly the log, but yes the sent mail) :
/var/log/plesk-roundcube/sendmail
[16-Jan-2020 09:41:03 +0000]: <7g5t0ssf> User [email protected][XXX.XXX.XXX.XXX]; Message for [email protected]; 250: 2.0.0 Ok: queued as 0EF99DC01FF
I don't found this info in case of horde use, only the fail logs in /var/log/psa-horde/psa-horde.log
Is there any way to log ALL connection (included webmails connection) in maillog? Spammer use sometime webmails and it's more dificult to find correct info to stop spam.
When an user log into webmail (horde or roundcube), the maillog not recover the exact data, it appear something like this :
Jan 16 10:39:58 020 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=8609, TLS, session=<CyrAmz6crLIAAAAAAAAAAAAAAAAAAAAB>
Jan 16 10:39:58 020 dovecot: service=imap, [email protected], ip=[::1]. Logged out rcvd=82, sent=788
So no information about the remote ip.
If we use roundcube, this info is logged in other file with real ip (well, not exactly the log, but yes the sent mail) :
/var/log/plesk-roundcube/sendmail
[16-Jan-2020 09:41:03 +0000]: <7g5t0ssf> User [email protected][XXX.XXX.XXX.XXX]; Message for [email protected]; 250: 2.0.0 Ok: queued as 0EF99DC01FF
I don't found this info in case of horde use, only the fail logs in /var/log/psa-horde/psa-horde.log
Is there any way to log ALL connection (included webmails connection) in maillog? Spammer use sometime webmails and it's more dificult to find correct info to stop spam.