Re: [exim] RFE: a way to log all successful SMTP authenticat…

Top Page
Delete this message
Reply to this message
Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] RFE: a way to log all successful SMTP authentications from clients
> From: Chris Siebenmann

> Right now, Exim doesn't seem to have a way to force it to log absolutely
> all successful SMTP authentication (especially not immediately, the moment
> someone succeeds). An authenticated connection that sends email logs the
> successful authentication in the A=<..> portion of the '<=' log line and
> if you add '+smtp_no_mail' as a log selector, an authenticated connection
> that doesn't even try to send mail will have this logged on disconnect.
> But this leaves a logging gap for connections that authenticate, try to
> send mail, get rejected during the SMTP transaction, and then disconnect.


acl_smtp_quit = acl_check_quit
acl_smtp_notquit = acl_check_notquit
begin acl
acl_check_quit:
  warn  authenticated = *
        logwrite = successful auth ...


  warn  condition = $authentication_failed
        logwrite = unsuccessful auth ...


acl_check_notquit:
  warn  authenticated = *
        logwrite = successful auth ...


  warn  condition = $authentication_failed
        logwrite = unsuccessful auth ...


You can add what you want in "logwrite" lines.

This code saves username and password (hashed) using ${acl (Exim 4.82+):
https://github.com/Exim/exim/wiki/BlockCracking