Re: Logging sender recipient pairs

2009-07-09 Thread Sahil Tandon
On Thu, 09 Jul 2009, brian moore wrote: > > I haven't done this myself, but I hear policy servers are quite > > popular for this sort of thing (the usual question is how to setup > > sending quotas for users, so this would be a slight modification). > > Yes, postfixpolicyd can do this. > > The r

Re: Logging sender recipient pairs

2009-07-09 Thread brian moore
On Thu, 9 Jul 2009 09:25:40 +1000 Barney Desmond wrote: > I haven't done this myself, but I hear policy servers are quite > popular for this sort of thing (the usual question is how to setup > sending quotas for users, so this would be a slight modification). Yes, postfixpolicyd can do this. Th

Re: Logging sender recipient pairs

2009-07-08 Thread Victor Duchovni
On Thu, Jul 09, 2009 at 06:23:09AM +0200, Magnus Bäck wrote: > On Thursday, July 09, 2009 at 03:44 CEST, > Sahil Tandon wrote: > > [...] > > > You might be able to use the fact that qmgr(8) logs the original recipient > > count. Example: > > > > postfix/qmgr[54662]: 98EF25C51: from=, siz

Re: Logging sender recipient pairs

2009-07-08 Thread Magnus Bäck
On Thursday, July 09, 2009 at 03:44 CEST, Sahil Tandon wrote: [...] > You might be able to use the fact that qmgr(8) logs the original recipient > count. Example: > > postfix/qmgr[54662]: 98EF25C51: from=, size=717, nrcpt=5 > > Take care to avoid double counting in situations where mail

Re: Logging sender recipient pairs

2009-07-08 Thread Sahil Tandon
On Wed, 08 Jul 2009, Chris Turan wrote: > The idea is to count the number of envelope recipients to determine > who's sending to lots of people. If someone goes over 500 per day, flag > them as suspicious and alert me. It might be better to define a "someone" as an IP rather than an envelope

Re: Logging sender recipient pairs

2009-07-08 Thread Barney Desmond
2009/7/9 Chris Turan : > The idea is to count the number of envelope recipients to determine who's > sending to lots of people.  If someone goes over 500 per day, flag them as > suspicious and alert me. > > Postfix already logs part of this in syslog but the recipient list is > truncated or split u

Logging sender recipient pairs

2009-07-08 Thread Chris Turan
Hi All, I'm attempting to come up with a better solution for detecting email customers who attempt to send email campaigns using my mail servers. I'd like to find a way to have postfix log the sender and recipient addresses into a flat file, as well as the message id and timestamp. The idea