I have qmail and can I see from what IP addresses was access to my account? I'm using webmail (imap) and is there any chance that I can see access IP addresses and see is there any misuse of my account? Thanks!
Asked
Active
Viewed 1,208 times
0
-
Do you run the server? If it is a webmail account you could go look at your apache logs easily. AFAIK Qmail isn't a imap server so you would need to tell us what the actual IMAP server is for us to point you to the logs. – Zoredache Jul 02 '10 at 18:59
1 Answers
0
It will indeed depend largely on your IMAP server -- something qmail doesn't provide. For courrier-imap (which is common with qmail, it is myself what I run) you may grep your logs for 'imapd' and 'imapd-ssl'.
Where the log entries go also largely depend on your syslog configuration, but if it is not particularly configured to log to a different stream for your imap server, it should be in the default syslog.
You might want to investigate /var/log.
This might be of some help in figuring out where your imap log files are:
# find /var/log | xargs grep imap
Mine are kept in /var/log/mail.log, which is how I configured it.
For courrier imap, for instance, the LOGIN entries look like this
Jul 2 17:23:15 servername imapd-ssl: LOGIN, user=username@host.com, ip=[::ffff:192.168.148.120], protocol=IMAP
Where, of course, username@host.com is the account name. I use vpopmail, your mileage may vary. But here we see that the IP address is the 8th column (separated by space(s)) in the log.
To easily compile a list of IPs that accessed your account with courrier-imap, you could do something like this:
# grep "LOGIN" mail.log | grep "username@host.com" | awk '{ print $8 }' | sort | uniq
ip=[::ffff:172.16.64.XX],
ip=[::ffff:172.16.64.XY],
ip=[::ffff:172.16.64.YZ],
ip=[::ffff:209.5.XX.XX],
ip=[::ffff:24.114.XZ.XY],
ip=[::ffff:24.114.XX.XY],
ip=[::ffff:24.114.YY.ZZ],
Of course replace the expression in grep, the log file, the username and the column field in awk with ones fitting of your imap server.
mr_daemon
- 490
- 4
- 11