anyone know of any smtp logging type software that will log internal-internal mails from a specific smtp address ??
don't say exchange

free/shareware would be better

cheers

shunty

 

Congratulations on the 10,000th post in the Computer Related Forum

Aside from that, I have absolutely no idea what you are talking about, but good luck in your quest

Later, Dunk

 

Where's the traffic originate from Shunty? External? 'Cos the internal internal bit confuses me...

 

hello Dunky mate.....I have to ask Chris for me prize then

Chris, firstly, where's me prize??
secondly, we use VISP pop3 unix mail (don't ask, we are moving to exchange 2003 soon) anyway, mimesweep & websense can monitor inbound & outbound mail BUT it doesn't see internal-2-internal, as it's only pop3 mail not full mapi services.

The mimesweep server site in front of the mail server, so internal-internal mail doesn't go through this box...hence no monitoring available.

shunty

 

No logging options on the VISP POP3 software then?

Here's a shot. Have your POP3 clients send our their mail via Windows 2000 Pro desktop with IIS + SMTP installed. This is configured just to forward all the mail onto the VISP server (just set an IP addy in the Smart Hosts box). Enable logging on the SMTP connector on the W2000 box.

Clients still collect their mail from the VISP box as normal.

Over to somebody else to come up with something better....

Chris.

PS. Prize hey? Erm, urm, I'll get back to ya

[Edited by ChrisB - 7/28/2003 1:39:02 PM]

 

No logging options on the VISP POP3 software then? some, but only very basic & we don't look after this system

that's a good recommendation Chris, but just not practical (also puts another failure point in the system & means installing iis & smtp service.

Really I need to use the VISP (unix) system & log from the source.
Exchange 2003 bl00dy hurry up!!

cheers anyway

shunty

 

/var/log/maillog ?

 

hello andrew mate, see all we needed was a sandal wearing, pony tail geezer on the job

so what does that command do & what additional commands can be used to identify specific users??

thanks for your help

shunty

 

No sandals or pony tail, could probably do with a shave tho

You should be able to grep the log

grep "user@host" /var/log/maillog | more

you can replace that with their IP as well.

if you want to look at a particular message in details grep for it's id which look something like "6D5E73C2" in the log.

Edit to say it's not a command it's a logfile, do the above or simple "more /var/log/maillog" to see it all.

[Edited by Andrewza - 7/28/2003 2:20:31 PM]

 

stephen,
agreed, it is very quick, but functionality is very limited afaik.

please bear in mind that I am not a unix person

Unless the person who built this mail system for us hasn't shown me the available options, what exactly can it do apart from basic pop3 mail & groups then??

shunty

 

cheers for the info andrewza, a sense of humour as well you are giving the unix friternaty a bad name.
yhm

cheers

shunty

 

err, where did stephencotton's reply dissapear to then ??
makes me look like I'm talking to meself

shunty

 

I'd edited it to show maillog examples too:

Jul 28 15:46:52 irc sendmail[84120]: h6SDkqDT084120: from=AN50fwYBAQAEHvYB9QAAAAAEAAAY/A@somedomain.com, size=10570, class=0, nrcpts=1, msgid=<2087407087-1463792638-1059397656@somedomain.com>, relay=root@localhost
Jul 28 15:46:53 irc sendmail[84121]: h6SDkqhC084121: from=<AN50fwYBAQAEHvYB9QAAAAAEAAAY/A@somedomain.com>, size=10570, class=0, nrcpts=1, msgid=<2087407087-1463792638-1059397656@somedomain.com>, proto=ESMTP, daemon=MTA, relay=smmsp@localhost [127.0.0.1]
Jul 28 15:46:53 irc sendmail[84120]: h6SDkqDT084120: to=user@irc.ircnet.dk.procmail, ctladdr=AN50fwYBAQAEHvYB9QAAAAAEAAAY/A@somedomain.com (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31089, relay=localhost [127.0.0.1], dsn=2.0.0, stat=Sent (h6SDkqhC084121 Thank you for using AT&ME)
Jul 28 15:46:54 irc sendmail[84123]: h6SDkqhC084121: to=steven@cotton.dk, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=40586, relay=some.mta.dk. [213.237.53.18], dsn=2.0.0, stat=Sent (h6SDkro3019278 Message accepted for delivery)


[Edited by stevencotton - 7/28/2003 2:51:38 PM]

 

ahh, ok then.

I got this back from the unix guy who supports the visp software:

"That might well work on an old-style Sendmail log file, but Qmail log processing is usually a little more complex.

You can get grep for windows, I believe, though, or just open the file in Wordpad and search for the user you’re after (or even use MS Excel – which will, I think tabulate the file)."

he has said he could mail me the logfile every day, but that's a bit messy. Would have been better if he could have given me a search facility on the web front end, referencing the smtp address of the intended monitor.

shunty

 

There is a qmail-analog for Qmail that may do what you need (I haven't tried personally), alternatively there's this Perl script that will parse them for you (perhaps!) - you'll still need the logfile locally though, unless you can run it remotely and have the results mailed to you?