Thursday, October 23, 2014

Logging auth information in sendmail

Problem: the sendmail default logging configuration does not log per-message auth info, which I need (i.e. I want to know which user/auth method was used for a certain message id). Following a tip from this entry, I ended up with the following cf lines:

LOCAL_CONFIG
Klog syslog
# This works
HSubject: $>+LogSubject
# this does not
HX-Authost: ${mail_host}
HX-Authost: $>+LogAuthAuthor

LOCAL_RULESETS

SLogSubject
R$* $: $(log Subject: $1 authenticated-by: $&{auth_type}, $&{auth_authen}, $&{auth_ssf}, $&{auth_author}, $&{mail_mailer}, $&{mail_host}, $&{mail_addr} $) $1

SLogAuthAuthor
R$* $: $(log Authenticated-by: $1 $&{auth_type}, $&{auth_authen}, $&{auth_ssf}, $&{auth_author}, $&{mail_mailer}, $&{mail_host}, $&{mail_addr} $) $1

The first one yields (in maillog):

sendmail[10814]: r2DEJl9P010814: Subject:the Subject.authenticated by:PLAIN,auser,0,,esmtp,example.com.,someone@example.com

The second:

sendmail[10814]: r2DEJl9P010814: Authenticated-by:example.com.,,,,esmtp,example.com.,auser@example.com

It therefore appears that the {auth_xxxx} macros are empty when the second rule fires... but they are not. In fact I can log them if I put them on the H line instead:

HX-Authost: ${mail_host} ${auth_type} ${auth_authen} ${auth_ssf} ${auth_author}
HX-Authost: $>+LogAuthAuthor1

Except I do not want to do this, because I would be sending out auth information where I only want to log it. In fact the entire solution is coyote ugly, not to mention horribly kludgey, and I would welcome a better one (one that does not begin with "change MTA"; I am perfectly happy with sendmail).

Please note that raising LogLevel to 10 and above (as has been suggested) appears not to cut it, because the auth information is logged once per session (i.e. at login), while what I want is to have it in message context.

Cheers,

alf

Answer

You may create the log entries you want in the check_eoh (end of headers) or check_data (after the SMTP DATA command) rulesets.

LOCAL_RULESETS
Scheck_data
R$* $: $(log Authenticated-by: $&{auth_type}, $&{auth_authen}, $&{auth_ssf}, $&{auth_author}, $&{mail_mailer}, $&{mail_host}, $&{mail_addr} $) $1

[There should be a TAB before $:]

check_data gets as input number_of_recipients; check_eoh gets as input number_of_headers $| total_headers_bytes.

check_mail would be a better place but FEATURE(delay_checks) makes it more tricky.
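Once the check_data ruleset above is in place, each accepted message leaves one "Authenticated-by:" line in maillog keyed by the queue id, which is the per-message context the question asks for. The following parser is an added example (not code from the question, the answer, or sendmail itself); it assumes the seven-field layout the ruleset's $(log ... $) call emits, with sendmail's log map collapsing the spaces around the macros into a single comma-separated run, and it also accepts the lowercase "authenticated by:" spelling seen in the question's LogSubject output. The sample lines are constructed: the first is the LogSubject line quoted in the question, the rest are made up in the shape the check_data ruleset produces, with invented queue ids and hosts.

```python
import re
from typing import Dict, Iterable, List, Optional

# Field order matches the $(log ... $) call in the check_data ruleset:
# {auth_type}, {auth_authen}, {auth_ssf}, {auth_author},
# {mail_mailer}, {mail_host}, {mail_addr}
AUTH_FIELDS = ("auth_type", "auth_authen", "auth_ssf", "auth_author",
               "mail_mailer", "mail_host", "mail_addr")

# "sendmail[pid]: queueid: ... Authenticated-by:<values>"; the values carry
# no whitespace because the log map squeezes the spaces out (assumption
# based on the output quoted in the question).
AUTH_LINE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>[A-Za-z0-9]+): "
    r".*?[Aa]uthenticated[- ]by:(?P<values>\S*)"
)


def parse_auth_line(line: str) -> Optional[Dict[str, str]]:
    """Return one record for an Authenticated-by maillog line, or None if the
    line is not one or does not have the seven-field shape the ruleset writes."""
    m = AUTH_LINE.search(line)
    if not m:
        return None
    values = m.group("values").split(",")
    if len(values) != len(AUTH_FIELDS):
        return None  # different layout than this ruleset; skip rather than guess
    rec = {"pid": m.group("pid"), "qid": m.group("qid")}
    rec.update(zip(AUTH_FIELDS, values))
    return rec


def index_by_queue_id(lines: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """Map sendmail queue id -> auth record, so a message id can be traced
    back to the SASL user and mechanism that submitted it."""
    index: Dict[str, Dict[str, str]] = {}
    for line in lines:
        rec = parse_auth_line(line)
        if rec:
            index[rec["qid"]] = rec
    return index


def unauthenticated_queue_ids(index: Dict[str, Dict[str, str]]) -> List[str]:
    """Queue ids accepted without SASL auth ({auth_type} and {auth_authen}
    both empty). Worth reviewing: these should only be internal or inbound
    mail, never submissions that were supposed to authenticate."""
    return sorted(q for q, r in index.items()
                  if not r["auth_type"] and not r["auth_authen"])


# Constructed sample maillog lines (hosts and queue ids invented except the
# first, which is the LogSubject output quoted in the question).
SAMPLE_MAILLOG = [
    "Oct 23 09:14:02 mx sendmail[10814]: r2DEJl9P010814: Subject:the Subject."
    "authenticated by:PLAIN,auser,0,,esmtp,example.com.,someone@example.com",
    "Oct 23 09:15:11 mx sendmail[10902]: s9N7FBxx010902: "
    "Authenticated-by:LOGIN,buser,0,,esmtp,example.com.,buser@example.com",
    "Oct 23 09:16:40 mx sendmail[10950]: s9N7GeYY010950: "
    "Authenticated-by:,,,,esmtp,[192.0.2.25],ext@example.net",
    "Oct 23 09:16:41 mx sendmail[10950]: s9N7GeYY010950: "
    "from=<ext@example.net>, size=1234, class=0, nrcpts=1",
]

if __name__ == "__main__":
    idx = index_by_queue_id(SAMPLE_MAILLOG)
    for qid, rec in idx.items():
        print(qid, rec["auth_type"] or "-", rec["auth_authen"] or "-", rec["mail_addr"])
    print("unauthenticated:", unauthenticated_queue_ids(SAMPLE_MAILLOG and idx))
```

Run it against a real maillog with `index_by_queue_id(open("/var/log/maillog"))`; the queue id in each record is the same id that appears on the standard `from=` and `to=` lines, so the auth record can be joined to the delivery lines for the same message without any further configuration.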
