[BlueOnyx:07045] Re: Find remote ip in logs
Roman Buerkle
nexxus at stimme.net
Fri Apr 15 02:07:40 -05 2011
Hi Maurice,
Don't know if it helps you, but I did this to get some offending IPs:
edit /usr/share/sendmail-cf/m4/proto.m4 somewhere near line 1092 / 1093
("handle virtual user" section):
old:
.....
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
new:
.....
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 [$&{client_addr}]
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 [$&{client_addr}]
afterwards a
rm sendmail.cf
m4 sendmail.mc > sendmail.cf
/etc/rc.d/init.d/sendmail restart
this produces a maillog entry with the offending IPs behind it:
Mar 15 12:49:28 bx1 sendmail[12575]: o2FBn3SF012575: sdsjkhdsjkdhsjk at domain.com... No such user here[192.168.23.112]
perfect for trapping the dictionary-attackers.
Greets
Roman
On Wed, 2011-04-13 at 03:33 +0200, Maurice de Laat wrote:
> On Sat, Apr 09, 2011 at 12:55:12PM -0500, Gerald Waugh wrote:
>
> > Look in /var/log/maillog and/or /var/log/messages on or about
> > Apr 8 11:08:29
> >
> > As it's probably email or ftp associated
>
> In no file in /var/log is more info to be found. That's why I am asking
> myself how to find the offending ip
>
> Thanks
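
Added example (not part of the original thread or of BlueOnyx): one way to turn the maillog entries produced by the modified rule into a list of client IPs that were refused for several distinct recipients. The sample lines are constructed, the function names and the threshold are assumptions, and real logs are assumed to show "@" where the list archive prints " at ".

```python
import ipaddress
import re
from collections import defaultdict

# Tail of the entry written by the modified rule:
#   "<queue-id>: <recipient>... <error text>[<client_addr>]"
# Anchored at end of line so bracketed text inside the sender-chosen
# recipient cannot be mistaken for the appended client address.
# The optional "IPv6:" prefix is an assumption about how IPv6 peers are logged.
ENTRY = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rcpt>\S+)\.\.\. "
    r".*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\s*$"
)

def rejected_by_client(lines):
    """Map client IP -> set of recipient addresses it was refused for."""
    hits = defaultdict(set)
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # bracketed text was not an IP address
        hits[ip].add(m.group("rcpt").strip("<>").lower())
    return hits

def dictionary_attackers(lines, threshold=3):
    """IPs refused for at least `threshold` distinct recipients."""
    hits = rejected_by_client(lines)
    return sorted(ip for ip, rcpts in hits.items() if len(rcpts) >= threshold)

# Constructed sample lines in the format shown in the message above.
SAMPLE = [
    "Mar 15 12:49:28 bx1 sendmail[12575]: o2FBn3SF012575: sdsjkhdsjkdhsjk@domain.com... No such user here[192.168.23.112]",
    "Mar 15 12:49:29 bx1 sendmail[12576]: o2FBn4SF012576: admin1@domain.com... No such user here[192.168.23.112]",
    "Mar 15 12:49:30 bx1 sendmail[12577]: o2FBn5SF012577: info99@domain.com... No such user here[192.168.23.112]",
    "Mar 15 12:50:02 bx1 sendmail[12580]: o2FBo1SF012580: typo@domain.com... No such user here[192.168.23.7]",
    "Mar 15 12:50:05 bx1 sendmail[12581]: o2FBo2SF012581: from=<a@example.org>, size=1024, relay=mx.example.org [192.168.23.9]",
]

if __name__ == "__main__":
    for ip in dictionary_attackers(SAMPLE):
        print(ip)
```

A single refused recipient (the 192.168.23.7 line) is usually a typo, which is why the check counts distinct recipients per client rather than flagging every entry.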