Solved

Track the pop3 mail

Posted on 2014-01-22
Last Modified: 2014-02-02
Hi:

In my organization, a Postfix mail server is installed on CentOS 5.

1:- Is it possible to track and trap the user who is using webmail outside the office?

If yes, then how, and if not, then

2:- Is there any procedure to block user-based email so that he/she is not able to access webmail from outside the office?

Thanks in advance.
0
Question by:Sanjeev jha
9 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39800907
1)  Your webmail should have a log of who is logging in and from which IP address, so if you comb through that, you should be able to find out who is logging in externally.

2)  The easiest thing is just to block access to the web server from anything other than your own IP range(s).  So substitute the 10.x IPs below for whatever block of IPs you want to permit, and then put these rules into your iptables configuration (/etc/sysconfig/iptables):

-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
0
 
LVL 28

Expert Comment

by:serialband
ID: 39801990
Why track your users?  Just block them.

If your webserver is doing more than webmail, you might want to consider using htaccess on the webmail portion instead.  You may want to add iptables for pop mail ports instead.  Just change xterm's examples to add the mail ports.

POP3 - port 110
IMAP - port 143
SMTP - port 25
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995


http://htaccessfile.com/htaccess-allow-ip-addresses
http://supportcenter.verio.com/KB/questions.php?questionid=504

Here's a sample for htaccess with 3 examples of how to allow IP ranges:
 10.0.0.0 - 10.0.0.255
 10.1.0.0 - 10.1.255.255
 10.2.0.0 - 10.2.255.255

<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 12.34.67.89
 allow from 10.0.0.0/24
 allow from 10.1.0.0/255.255.0.0
 allow from 10.2
 allow from 89.67.45.12
</Limit>


0
 

Author Comment

by:Sanjeev jha
ID: 39802155
Thanks for the support. But I am afraid that if I make any changes to the live mail server and something goes wrong, it would be very difficult for me to manage. I would like, if it is possible:

1: Is there any command which can be used to identify, through the maillog, who has tried to access webmail from outside the office?

2:- Please mention the best site (step-by-step configuration of a Postfix mail server on CentOS/Red Hat) through which I can test before I make any changes to the live mail server.
0

 

Author Comment

by:Sanjeev jha
ID: 39802156
One thing I would like to mention is that I am not an expert in Linux. I am just learning seriously and joined your community for cooperation to become good at Linux.
0
 
LVL 28

Expert Comment

by:serialband
ID: 39803284
It's simpler to block than to track down people and confront them, unless you're into that sort of thing.

If you're using webmail, it would be in the httpd.log.  Depending on your system, it could be in /var/log/ or /var/log/http/ or elsewhere.

Do you know the IP address ranges of your internal mail?  How many users?  How many systems?

If the local IP range is 10.0.1.1 to 10.0.1.255, then you could use grep to just exclude them.
grep -v '^10\.0\.1\.' /var/log/httpd.log


You'd need to also figure out what other information you need to look for, such as the squirrelmail settings.

grep -F 'mail.hostname.com' /var/log/httpd.log | grep -v '^10\.0\.1\.'
0
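The log filtering described in the answer above, as an added example that is not part of serialband's post: an awk filter that skips the office prefix by exact match on the client field and counts webmail login POSTs per external IP. The Apache "combined" log format, the /webmail/src/redirect.php login path and the sample lines are assumptions; the access log gives the client IP, not the mailbox name.

```shell
#!/bin/sh
# Added example: list external clients that POSTed to the webmail login URL.
# Assumptions: Apache "combined" log format (client IP is field 1, timestamp
# field 4, method field 6, path field 7) and a SquirrelMail-style login
# handler at /webmail/src/redirect.php. Adjust both for your install.

# external_webmail_logins LOGFILE INTERNAL_PREFIX LOGIN_PATH
# Prints "count ip last_seen" per external IP, busiest first. LOGFILE may be "-".
external_webmail_logins() {
    awk -v prefix="$2" -v login="$3" '
        # Plain string prefix test on the client field: "10.0.1." cannot
        # match 110.0.1.5 or 10.0.10.5, unlike an unanchored grep pattern.
        index($1, prefix) == 1 { next }
        $6 == "\"POST" && index($7, login) == 1 {
            count[$1]++
            last[$1] = substr($4, 2)    # drop the leading "[" of the timestamp
        }
        END { for (ip in count) print count[ip], ip, last[ip] }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
10.0.1.23 - - [22/Jan/2014:09:01:11 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2014:21:14:02 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
110.0.1.5 - - [22/Jan/2014:22:30:45 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2014:21:14:30 +0000] "GET /webmail/src/login.php HTTP/1.1" 200 2110 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2014:21:15:40 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.9 - - [22/Jan/2014:23:02:10 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

sample_log | external_webmail_logins - "10.0.1." "/webmail/src/redirect.php"
```

On a real server, pass the access log path as the first argument instead of `-`.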
 
LVL 62

Expert Comment

by:gheist
ID: 39808535
-1) Do you have written policy to back your effort?

0) It has nothing to do with postfix

1) See apache access logs; EPEL has some neat web statistics packages to automate your effort

2) You can always use apache configuration to restrict parts of IPs to sites, though it would be ridiculous to lock out access point in nearby cafe...
0
 
LVL 13

Accepted Solution

by:
Sandy earned 500 total points
ID: 39811656
Install CSF Firewall, which has the exact fulfillment of your needs.

TY/SA
0
 

Author Comment

by:Sanjeev jha
ID: 39817604
serialband, Posted on 2014-01-23 at 07:10:36, ID: 39803284

Thank you very much! I like the way you have made me understand.

I just want to know the details of the users who logged into the webmail from outside the office.

Thanks a lot, please keep me posted.
0
 
LVL 28

Expert Comment

by:serialband
ID: 39827824
I'm confused.  You assigned the correct answer to Sandeep Agrawal, but it looks like my answer solves your problem, according to your other post.  http://www.experts-exchange.com/Networking/Linux_Networking/Q_28351945.html

I don't care about the points.  I have enough for free access next month.

You should correct the assignment so that other people can actually benefit from this.  There's a Request Attention button that you can click to call a moderator to fix this if that's the case.
0


Question has a verified solution.
