Solved

Track the pop3 mail

Posted on 2014-01-22
Last Modified: 2014-02-02
Hi:

In my organization, a Postfix mail server is installed on CentOS 5.

1:- Is it possible to track and trap the user who is using webmail outside the office?

 If yes, then how? And if not, then:

2:- Is there any procedure to block user-based email so that he/she would not be able to access webmail from outside the office?

Thanks in advance.
Question by:Sanjeev jha
9 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39800907
1)  Your Webmail should have a log of who is logging in and from which IP address, so if you comb through that, you should be able to find out who is logging in externally.

2)  The easiest thing is just to block access to the web server from anything other than your own IP range(s).  So substitute the 10.x IPs below for whatever block of IPs you want to permit, and then put these rules into your IPtables configuration (/etc/sysconfig/iptables):

-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
0
 
LVL 29

Expert Comment

by:serialband
ID: 39801990
Why track your users?  Just block them.

If your webserver is doing more than webmail, you might want to consider using htaccess on the webmail portion instead.  You may want to add iptables for pop mail ports instead.  Just change xterm's examples to add the mail ports.

POP3 - port 110
IMAP - port 143
SMTP - port 25
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995


http://htaccessfile.com/htaccess-allow-ip-addresses
http://supportcenter.verio.com/KB/questions.php?questionid=504

Here's a sample for htaccess with 3 examples of how to allow ip ranges
 10.0.0.0 - 10.0.0.255
 10.1.0.0 - 10.1.255.255
 10.2.0.0 - 10.2.255.255
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 12.34.67.89
 allow from 10.0.0.0/24
 allow from 10.1.0.0/255.255.0.0
 allow from 10.2
 allow from 89.67.45.12
 </Limit>

0
 

Author Comment

by:Sanjeev jha
ID: 39802155
Thanks for the support. But I am afraid that if I make any changes to the live mail server and something goes wrong, it would be very difficult for me to manage. I would like to know if it is possible.

1: Is there any command which can be used to identify, through the maillog, who has tried to access webmail from outside the office?

2:- Please mention the best site (step-by-step configuration of a Postfix mail server on CentOS/Red Hat) through which I can test before I make any changes to the live mail server.
0

Author Comment

by:Sanjeev jha
ID: 39802156
One thing I would like to mention is that I am not an expert in Linux. I am just learning seriously and joined your community for cooperation to become good at Linux.
0
 
LVL 29

Expert Comment

by:serialband
ID: 39803284
It's simpler to block than to track down people and confront them, unless you're into that sort of thing.

If you're using webmail, it would be in the httpd.log.  Depending on your system, it could be in /var/log/ or /var/log/http/ or elsewhere.

Do you know the IP address ranges of your internal mail?  How many users?  How many systems?

If the local ip range is 10.0.1.1 to 10.0.1.255, then you could use grep to just exclude them.
grep -v 10.0.1. /var/log/httpd.log


You'd need to also figure out what other information you need to look for, such as the squirrelmail settings.

grep mail.hostname.com /var/log/httpd.log | grep -v 10.0.1
0
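An added example (not part of the answer above) of the same log check with the internal-range test anchored to the client-address field, so that an outside address such as 110.0.1.5 is not hidden by the pattern `10.0.1.`. Assumptions: Apache common/combined log format, webmail served under `/webmail/`, internal range 10.0.1.0/24; the log lines are constructed samples.

```shell
#!/bin/sh
# external_webmail_hits LOGFILE INTERNAL_REGEX PATH_PREFIX
# Prints "count ip" for every client outside the internal range that
# requested a URL under PATH_PREFIX, busiest client first.
# Assumes field 1 is the client IP and field 7 is the request path.
external_webmail_hits() {
    awk -v internal="$2" -v path="$3" '
        # Test only field 1, anchored at its start, so an address that
        # merely contains "10.0.1." is not treated as internal.
        $1 ~ internal { next }
        # Count only requests whose path begins with the webmail prefix.
        index($7, path) == 1 { hits[$1]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
10.0.1.23 - - [22/Jan/2014:09:15:02 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.45 - - [22/Jan/2014:21:40:11 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.45 - - [22/Jan/2014:21:40:12 +0000] "GET /webmail/src/webmail.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
110.0.1.5 - - [22/Jan/2014:22:03:47 +0000] "GET /webmail/src/login.php HTTP/1.1" 200 2204 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jan/2014:22:10:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.1.40 - - [23/Jan/2014:08:01:30 +0000] "GET /webmail/src/login.php HTTP/1.1" 200 2204 "-" "Mozilla/5.0"
EOF
}

# Demo run on the constructed sample; "[.]" matches a literal dot.
tmp=$(mktemp)
sample_log > "$tmp"
external_webmail_hits "$tmp" '^10[.]0[.]1[.]' /webmail/
rm -f "$tmp"
```

With a form-based login such as SquirrelMail's, the access log gives the client address and time of each request but not the mailbox name, so this output identifies where external sessions came from rather than which account was used.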
 
LVL 62

Expert Comment

by:gheist
ID: 39808535
-1) Do you have written policy to back your effort?

0) it has nothing to do with postfix

1) see apache access logs, EPEL has some neat web statistics packages to automate your effort

2) You can always use apache configuration to restrict parts of IPs to sites, though it would be ridiculous to lock out access point in nearby cafe...
0
 
LVL 13

Accepted Solution

by:
Sandy earned 500 total points
ID: 39811656
install CSF Firewall which has the exact fulfillment of your needs.

TY/SA
0
 

Author Comment

by:Sanjeev jha
ID: 39817604
serialband, posted on 2014-01-23 at 07:10:36, ID: 39803284

Thank you very much! I like the way you have made me understand.

I just want to know the details of the users who logged in to the webmail from outside the office.

Thanks a lot, please keep me posted.
0
 
LVL 29

Expert Comment

by:serialband
ID: 39827824
I'm confused.  You assigned the correct answer to Sandeep Agrawal, but it looks like my answer solves your problem, according to your other post.  http://www.experts-exchange.com/Networking/Linux_Networking/Q_28351945.html

I don't care about the points.  I have enough for free access next month.

You should correct the assignment so that other people can actually benefit from this.  There's a Request Attention button that you can click to call a moderator to fix this if that's the case.
0
