| To: | qmail@list.cr.yp.to |
|---|---|
| Subject: | Re: better logging of qmail-pop3d usage? (bytes, username) |
| From: | Joshua Nichols <jnichols@unboundtechnology.com> |
| Date: | Wed, 23 May 2007 12:24:20 -0400 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | gmail-qmail@securepoint.com |
| Delivered-to: | sp.com.list@gmail.com |
| Delivered-to: | mailing list qmail@list.cr.yp.to |
| In-reply-to: | <20070523150513.GB25238@caesar.cse.nd.edu> |
| Mailing-list: | contact qmail-help@list.cr.yp.to; run by ezmlm |
| References: | <1179931631.21309.17.camel@bigapple.omnis.ch> <20070523150513.GB25238@caesar.cse.nd.edu> |
| User-agent: | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7) Gecko/20060909 Thunderbird/1.5.0.7 Mnenhy/0.7.4.0 |
Kyle Wheeler wrote: > Adding traffic counts is going to be a wee bit harder, and if you don't > want to use recordio, that may require patching qmail-pop3d. Though it stands to reason that if there is a great deal of network traffic generated by qmail-pop3d that it is likely either: 1. Many, many logins; or 2. More messages and/or larger messages than typical. Case one would be detectable by grep -c on the logs generated with your proposed script, and case 2 should correlate to qmail-send logs, which generally contain more information. One other thing to investigate is if you're getting many failed logins, which could suggest a brute-force password attack. --joshua. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: better logging of qmail-pop3d usage? (bytes, username), J. Kendzorra |
|---|---|
| Next by Date: | Re: better logging of qmail-pop3d usage? (bytes, username), Olivier Mueller |
| Previous by Thread: | Re: better logging of qmail-pop3d usage? (bytes, username), Kyle Wheeler |
| Next by Thread: | Re: better logging of qmail-pop3d usage? (bytes, username), Olivier Mueller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |