Sanjeev jha

Track the pop3 mail

Hi:

In my organization, a Postfix mail server is installed on CentOS 5.

1:- Is it possible to track and trap the user who is using webmail outside the office?

If yes, then how? And if not, then:

2:- Is there any procedure to block user-based email so that he/she is not able to access webmail from outside the office?

Thanks in advance.
xterm

1)  Your Webmail should have a log of who is logging in and from which IP address, so if you comb through that, you should be able to find out who is logging in externally.

2)  The easiest thing is just to block access to the web server from anything other than your own IP range(s).  So substitute the 10.x IPs below for whatever block of IPs you want to permit, and then put these rules into your IPtables configuration (/etc/sysconfig/iptables):

-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
serialband

Why track your users?  Just block them.

If your webserver is doing more than webmail, you might want to consider using htaccess on the webmail portion instead.  You may want to add iptables for pop mail ports instead.  Just change xterm's examples to add the mail ports.

POP3 - port 110
IMAP - port 143
SMTP - port 25
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995


http://htaccessfile.com/htaccess-allow-ip-addresses
http://supportcenter.verio.com/KB/questions.php?questionid=504

Here's a sample for htaccess with 3 examples of how to allow ip ranges
 10.0.0.0 - 10.0.0.255
 10.1.0.0 - 10.1.255.255
 10.2.0.0 - 10.2.255.255
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 12.34.67.89
 allow from 10.0.0.0/24
 allow from 10.1.0.0/255.255.0.0
 allow from 10.2
 allow from 89.67.45.12
 </Limit>

Sanjeev jha

ASKER

Thanks for the support. But I am afraid that if I make any changes to the live mail server and something goes wrong, it would be very difficult for me to manage. I would like, if it is possible:

1: Is there any command which can be used to identify, through the maillog, who has tried to access webmail from outside the office?

2:- Please mention the best site (step-by-step configuration of a Postfix mail server on CentOS/Red Hat) through which I can test before I make any changes to the live mail server.
One thing I would like to mention is that I am not an expert in Linux. I am just learning seriously and joined your community for cooperation to become good at Linux.

It's simpler to block than to track down people and confront them, unless you're into that sort of thing.

If you're using webmail, it would be in the httpd.log.  Depending on your system, it could be in /var/log/ or /var/log/http/ or elsewhere.

Do you know the IP address ranges of your internal mail?  How many users?  How many systems?

If the local ip range is 10.0.1.1 to 10.0.1.255, then you could use grep to just exclude them.
grep -v -F '10.0.1.' /var/log/httpd.log


You'd need to also figure out what other information you need to look for, such as the squirrelmail settings.

grep -F 'mail.hostname.com' /var/log/httpd.log | grep -v -F '10.0.1.'

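
The log search described in the post above, as an added example that is not part of the original thread: it matches the internal prefix against the client-address field only and summarises external webmail requests per IP. The Apache common/combined log layout, the `/webmail/` path, and all sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Apache common/combined log
# format: client IP = field 1, timestamp = field 4, request path = field 7.

# Usage: external_webmail_hits INTERNAL_PREFIX WEBMAIL_PATH < access_log
# Output, one line per external client: count ip first_seen last_seen
external_webmail_hits() {
    awk -v net="$1" -v path="$2" '
        # index() == 1 is a literal prefix test on the client field only, so
        # "10.0.1." cannot match 10.0.10.5 or 210.0.1.7, or text later on
        # the line, the way an unanchored grep pattern can.
        index($1, net) == 1  { next }    # internal client: skip
        index($7, path) != 1 { next }    # not a webmail URL: skip
        {
            ts = substr($4, 2)           # drop the leading "["
            if (!($1 in hits)) first[$1] = ts
            last[$1] = ts
            hits[$1]++
        }
        END {
            for (ip in hits)
                printf "%d %s %s %s\n", hits[ip], ip, first[ip], last[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines; addresses and the /webmail/ path are made up.
sample_log() {
    cat <<'EOF'
10.0.1.15 - - [23/Jan/2014:09:00:01 +0530] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [23/Jan/2014:19:42:10 +0530] "GET /webmail/src/login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Jan/2014:19:42:31 +0530] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
10.0.10.5 - - [23/Jan/2014:20:05:00 +0530] "GET /webmail/src/login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.23 - - [23/Jan/2014:20:10:44 +0530] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.1.20 - - [23/Jan/2014:21:00:00 +0530] "GET /webmail/src/login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
EOF
}

sample_log | external_webmail_hits 10.0.1. /webmail/
```

The access log gives the client IP and time, not the mailbox name, because a form login sends the username in the POST body. Matching these timestamps against the webmail or IMAP server's own login log is what ties an address to a user.
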
-1) Do you have written policy to back your effort?

0) it has nothing to do with postfix

1) see apache access logs, EPEL has some neat web statistics packages to automate your effort

2) You can always use apache configuration to restrict parts of IPs to sites, though it would be ridiculous to lock out access point in nearby cafe...
ASKER CERTIFIED SOLUTION
Sandy
serialband, posted on 2014-01-23 at 07:10:36 (ID: 39803284)

Thank you very much! I like the way you have made me understand.

I just want to know the details of the users who logged in to the webmail from outside the office.

Thanks a lot, please keep me posted.

I'm confused.  You assigned the correct answer to Sandeep Agrawal, but it looks like my answer solves your problem, according to your other post.  https://www.experts-exchange.com/questions/28351945/Mail-track-in-Postfix-mail-server-with-centos-squirremail-accessing-outside-the-office.html

I don't care about the points.  I have enough for free access next month.

You should correct the assignment so that other people can actually benefit from this.  There's a Request Attention button that you can click to call a moderator to fix this if that's the case.