LF_DISTSMTP support for postfix

Post Reply
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

LF_DISTSMTP support for postfix

Post by marcele »

Here is an updated "processdistsmtpline" function in RegexMain.pm that adds Distributed SMTP Login (LF_DISTSMTP) support for Postfix:

Successful Postfix SMTP_AUTH log file example

Code: Select all

Sep 23 11:45:31 el7p17 postfix/smtpd[39220]: CB957400A36E: client=unknown[192.168.1.122], sasl_method=PLAIN, sasl_username=test@example.com
Regex Text
https://regex101.com/r/hnNGkC/1

RegexMain.pm function processdistsmtpline on line 795

Code: Select all

sub processdistsmtpline {
        my $line = shift;
        my $tline = $line;
        $tline =~ s/".*"/""/g;
        my @bits =split(/\s+/,$tline);
        my $ip;

        # postfix
        if ($line =~ /^(\S+|\S+\s+\d+\s+\S+) \S+ postfix\/(submission\/)?smtpd(?:\[\d+\])?: \w+: client=\S+\[(\S+)\], sasl_method=(?:(?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5), sasl_username=(\S+)$/) {
            $ip = $3; my $account = $4; $ip =~ s/^::ffff://;
            if (checkip(\$ip) and $ip ne "127.0.0.1" and $ip ne "::1") {
                return ($ip,$account)
            } else {
                return;
            }
        }

        if ($tline !~ /^\S+\s+\S+\s+(\[\d+\]\s)?\S+ <=/) {return}

        if ($tline =~ / U=(\S+) P=local /) {return}

        if ($tline =~ / H=[^=]*\[(\S+)\]/) {
                $ip = $1;
                unless (checkip(\$ip) or $ip eq "127.0.0.1" or $ip eq "::1") {return}
        } else {
                return;
        }

        if (($tline =~ / A=(courier_plain|courier_login|dovecot_plain|dovecot_login|fixed_login|fixed_plain|login|plain):(\S+)/)){
                my $account = $2;
                if (($tline =~ / P=(esmtpa|esmtpsa) /)) {return ($ip, $account)}
        }
}
Last edited by marcele on 23 Sep 2018, 18:57, edited 3 times in total.
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

Re: LF_DISTSMTP support for postfix

Post by marcele »

Edit: Updated function to make sure that 127.0.0.1 and ::1 are skipped!
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

Re: LF_DISTSMTP support for postfix

Post by marcele »

I know that I submitted this a while ago and I've updated the sample code for csf: v12.06. Would this still be possible to get this added in the next release?

I'm sending another Paypal donation for your time!
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: LF_DISTSMTP support for postfix

Post by ForumAdmin »

I have added it to the DEV list
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

Re: LF_DISTSMTP support for postfix

Post by marcele »

ForumAdmin wrote: 23 Sep 2018, 21:47 I have added it to the DEV list
Thanks man!
Post Reply