Solved

Track the pop3 mail

Posted on 2014-01-22
9
343 Views
Last Modified: 2014-02-02
Hi:

In my organization Postfix mail server is installed on Centos5

1:- Is it possible the track and trap the user who is using webmail outside the office?

 if yes then how and if not then

2:- Is there any procedure to block user based email so that he/she could not able to access webmail from outside the office.

Thanks in advanc.
0
Comment
Question by:Sanjeev jha
9 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39800907
1)  Your Webmail should have a log of who is logging and and from which IP address, so if you comb through that, you should be able to find out who is logging in externally.

2)  The easiest thing is just to block access to the web server from anything other than your own IP range(s).  So substitute the 10.x IPs below for whatever block of IPs you want to permit, and then put these rules into your IPtables configuration (/etc/sysconfig/iptables):

-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
0
 
LVL 27

Expert Comment

by:serialband
ID: 39801990
Why track your users?  Just block them.

If your webserver is doing more than webmail, you might want to consider using htaccess on the webmail portion instead.  You may want to add iptables for pop mail ports instead.  Just change xterm's examples to add the mail ports.

POP3 - port 110
IMAP - port 143
SMTP - port 25
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995


http://htaccessfile.com/htaccess-allow-ip-addresses
http://supportcenter.verio.com/KB/questions.php?questionid=504

Here's a sample for htaccess with 3 examples of how to allow ip ranges
 10.0.0.0 - 10.0.0.255
 10.1.0.0 - 10.1.255.255
 10.2.0.0 - 10.2.255.255
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 12.34.67.89
 allow from 10.0.0.0/24
 allow from 10.1.0.0/255.255.0.0
 allow from 10.2
 allow from 89.67.45.12
 </Limit>

Open in new window

0
 

Author Comment

by:Sanjeev jha
ID: 39802155
Thanks for support: But I afraid if i do anything changes in Live mail and if something wrong happened then it would be very difficult for me to manage. I would like if it is possible.

1: If any command which can be used to identify through maillog? who had tried to access webmail outside the office.

2:- Please mention the best site(step by step configuration of postfix mail server on centos/Red hat ) through which I can test and then i should do any changes in live mail.
0
 

Author Comment

by:Sanjeev jha
ID: 39802156
One thing I would like to mention that I am not expert in linux. Just learning seriously and joined your commutiy for cooperation to be good in linux.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 27

Expert Comment

by:serialband
ID: 39803284
It's simpler to block than to track down people and confront them, unless you're into that sort of thing.

If you're using webmail, it would be in the httpd.log.  Depending on your system, it could be in /var/log/ or /var/log/http/ or elsewhere.

Do you know the IP address ranges of your internal mail?  How many users?  How many systems.\?

If the local ip range is 10.0.1.1 to 10.0.1.255, then you could use grep to just exclude them.
grep -v 10.0.1. /var/log/httpd.log


You'd need to also figure out what other information you need to look for, such as the squirrelmail settings.

grep mail.hostname.com /var/log/httpd.log | grep -v 10.0.1
0
 
LVL 61

Expert Comment

by:gheist
ID: 39808535
-1) Do you have written policy to back your effort?

0) it has nothing to do with postfix

1) see apache access logs, EPEL has some neat web statistics pacakages to automate your effort

2) You can always use apache configuration to restrice parts of IPs to sites, though it would be ridiculous to lock out access point in nearby cafe...
0
 
LVL 13

Accepted Solution

by:
Sandy earned 500 total points
ID: 39811656
install CSF Firewall which has the exact fulfillment of your needs.

TY/SA
0
 

Author Comment

by:Sanjeev jha
ID: 39817604
serialbandPosted on 2014-01-23 at 07:10:36ID: 39803284

Thank you very much! I like the way you have make me understand.

I just want to know the users detail who logged the webmail outside the office.

thanks a lot please keep posted.
0
 
LVL 27

Expert Comment

by:serialband
ID: 39827824
I'm confused.  You assigned the correct answer to Sandeep Agrawal, but it looks like my answer solves your problem, according to your other post.  http://www.experts-exchange.com/Networking/Linux_Networking/Q_28351945.html

I don't care about the points.  I have enough for free access next month.

You should correct the assignment so that other people can actually benefit from this.  There's a Request Attention button that you can click to call a moderator to fix this if that's the case.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now