• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 366
  • Last Modified:

Track the pop3 mail


In my organization Postfix mail server is installed on Centos5

1:- Is it possible the track and trap the user who is using webmail outside the office?

 if yes then how and if not then

2:- Is there any procedure to block user based email so that he/she could not able to access webmail from outside the office.

Thanks in advanc.
Sanjeev jha
Sanjeev jha
1 Solution
1)  Your Webmail should have a log of who is logging and and from which IP address, so if you comb through that, you should be able to find out who is logging in externally.

2)  The easiest thing is just to block access to the web server from anything other than your own IP range(s).  So substitute the 10.x IPs below for whatever block of IPs you want to permit, and then put these rules into your IPtables configuration (/etc/sysconfig/iptables):

-A INPUT -s -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
Why track your users?  Just block them.

If your webserver is doing more than webmail, you might want to consider using htaccess on the webmail portion instead.  You may want to add iptables for pop mail ports instead.  Just change xterm's examples to add the mail ports.

POP3 - port 110
IMAP - port 143
SMTP - port 25
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995


Here's a sample for htaccess with 3 examples of how to allow ip ranges - - -
 order deny,allow
 deny from all
 allow from
 allow from
 allow from
 allow from 10.2
 allow from

Open in new window

Sanjeev jhaAuthor Commented:
Thanks for support: But I afraid if i do anything changes in Live mail and if something wrong happened then it would be very difficult for me to manage. I would like if it is possible.

1: If any command which can be used to identify through maillog? who had tried to access webmail outside the office.

2:- Please mention the best site(step by step configuration of postfix mail server on centos/Red hat ) through which I can test and then i should do any changes in live mail.
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

Sanjeev jhaAuthor Commented:
One thing I would like to mention that I am not expert in linux. Just learning seriously and joined your commutiy for cooperation to be good in linux.
It's simpler to block than to track down people and confront them, unless you're into that sort of thing.

If you're using webmail, it would be in the httpd.log.  Depending on your system, it could be in /var/log/ or /var/log/http/ or elsewhere.

Do you know the IP address ranges of your internal mail?  How many users?  How many systems.\?

If the local ip range is to, then you could use grep to just exclude them.
grep -v 10.0.1. /var/log/httpd.log

You'd need to also figure out what other information you need to look for, such as the squirrelmail settings.

grep mail.hostname.com /var/log/httpd.log | grep -v 10.0.1
-1) Do you have written policy to back your effort?

0) it has nothing to do with postfix

1) see apache access logs, EPEL has some neat web statistics pacakages to automate your effort

2) You can always use apache configuration to restrice parts of IPs to sites, though it would be ridiculous to lock out access point in nearby cafe...
install CSF Firewall which has the exact fulfillment of your needs.

Sanjeev jhaAuthor Commented:
serialbandPosted on 2014-01-23 at 07:10:36ID: 39803284

Thank you very much! I like the way you have make me understand.

I just want to know the users detail who logged the webmail outside the office.

thanks a lot please keep posted.
I'm confused.  You assigned the correct answer to Sandeep Agrawal, but it looks like my answer solves your problem, according to your other post.  http://www.experts-exchange.com/Networking/Linux_Networking/Q_28351945.html

I don't care about the points.  I have enough for free access next month.

You should correct the assignment so that other people can actually benefit from this.  There's a Request Attention button that you can click to call a moderator to fix this if that's the case.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now