Page 1 of 1

LF_DISTSMTP support for postfix

Posted: 21 Feb 2016, 19:57
by marcele
Here is an updated "processdistsmtpline" function in RegexMain.pm that adds Distributed SMTP Login (LF_DISTSMTP) support for Postfix:

Successful Postfix SMTP_AUTH log file example

Code: Select all

Sep 23 11:45:31 el7p17 postfix/smtpd[39220]: CB957400A36E: client=unknown[192.168.1.122], sasl_method=PLAIN, sasl_username=test@example.com
Regex Text
https://regex101.com/r/hnNGkC/1

RegexMain.pm function processdistsmtpline on line 795

Code: Select all

sub processdistsmtpline {
        my $line = shift;
        my $tline = $line;
        $tline =~ s/".*"/""/g;
        my @bits =split(/\s+/,$tline);
        my $ip;

        # postfix
        if ($line =~ /^(\S+|\S+\s+\d+\s+\S+) \S+ postfix\/(submission\/)?smtpd(?:\[\d+\])?: \w+: client=\S+\[(\S+)\], sasl_method=(?:(?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5), sasl_username=(\S+)$/) {
            $ip = $3; my $account = $4; $ip =~ s/^::ffff://;
            if (checkip(\$ip) and $ip ne "127.0.0.1" and $ip ne "::1") {
                return ($ip,$account)
            } else {
                return;
            }
        }

        if ($tline !~ /^\S+\s+\S+\s+(\[\d+\]\s)?\S+ <=/) {return}

        if ($tline =~ / U=(\S+) P=local /) {return}

        if ($tline =~ / H=[^=]*\[(\S+)\]/) {
                $ip = $1;
                unless (checkip(\$ip) or $ip eq "127.0.0.1" or $ip eq "::1") {return}
        } else {
                return;
        }

        if (($tline =~ / A=(courier_plain|courier_login|dovecot_plain|dovecot_login|fixed_login|fixed_plain|login|plain):(\S+)/)){
                my $account = $2;
                if (($tline =~ / P=(esmtpa|esmtpsa) /)) {return ($ip, $account)}
        }
}

Re: LF_DISTSMTP support for postfix

Posted: 21 Feb 2016, 21:46
by marcele
Edit: Updated function to make sure that 127.0.0.1 and ::1 are skipped!

Re: LF_DISTSMTP support for postfix

Posted: 23 Sep 2018, 19:02
by marcele
I know that I submitted this a while ago and I've updated the sample code for csf: v12.06. Would this still be possible to get this added in the next release?

I'm sending another Paypal donation for your time!

Re: LF_DISTSMTP support for postfix

Posted: 23 Sep 2018, 21:47
by ForumAdmin
I have added it to the DEV list

Re: LF_DISTSMTP support for postfix

Posted: 24 Sep 2018, 12:01
by marcele
ForumAdmin wrote: 23 Sep 2018, 21:47 I have added it to the DEV list
Thanks man!