Penetration Testing mailing list archives
Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email
From: "José M. Fandiño" <jm.fandino () FADESA ES>
Date: Wed, 30 Aug 2000 10:00:56 +0200
Hello, I found this code, but I don't know the author. It's working in sendmail 8.9.3 regards, David Taylor wrote:
My problem is - I want to keep a copy of the incoming email that I relay off my machine.
-- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS d- s+: a- C+++ UL++++$ P+ L+++ E--- W++ N+ o K- w--- O+ M+ V- PS PE+ Y PGP+>+++ t+ 5 X+++ R- tv@ b+++ DI-- D+++ G e- h++ !r !z ------END GEEK CODE BLOCK------
/* ------------------------------------------------------------ * "LogAll" feature to log any message through this MTA * (c) /ARX cleanware 1998 */ { #define LOGALLHEADER "X-Logged" #define LOGALLLEVEL 12 char logallrcsid[] = "$Id: logall.c,v 1.11 1998/09/19 10:12:04 root Exp root $"; /* * $Log: logall.c,v $ * Revision 1.11 1998/09/19 10:12:04 root * published * * Revision 1.7 1998/09/17 07:12:49 root * clobbered qtimestr * * ABSTRACT * This routine logs every message in a mail folder * before it is actually transmitted. The log is * "envelope-oriented" which means it logs every message * once - not for every recipient. You must also see * the sendmail syslog for actual delivery. The log * includes full message bodys. * * IMPLEMENTATION * The logging code is compiled into the sendmail binary * with the documented and often overlooked checkcompat() * routine: * see "Bryan Costales & Eric Allman: sendmail 2nd Edition * §20 `The checkcompat() Cookbook' p.285ff" * To check whether a message was already logged it adds * a new header "X-Logged" to the message with the logging * host, the envelope id and queued date/time as values. * As long as this info doesn't change the message is no * more logged. * * CONFIGURATION * The logfile is configuerd in a new macro: * D{LogAll}path * where path is the full pathname of the logfile, which * should be mode 600. REMEMBER THIS IS A FULL BODY LOG. * So be prepared for a huge file on site with much traffic. * The file must exist and every mail is appended to it. * The macro should be inserted into a m4-config-file for * example like this: * * LOCAL_CONFIG * D{LogAll}/var/log/mail.log * * INSTALLATION * This source fragment must be included into the source-file: * .../sendmail-8.x.y/src/conf.c * at the following position (with the full path name of its * current location - here "/root/adm/mail/sendmail/logall.c"): * *>>old if (tTd(49, 1)) *>>old printf("checkcompat(to=%s, from=%s)\n", *>>old to->q_paddr, e->e_from.q_paddr); *>>old *>>new #include "/root/adm/mail/sendmail/logall.c" *>>old *>>old # ifdef EXAMPLE_CODE * * the sendmail binary must be remaked and reinstalled at * its proper position (normally /usr/sbin/sendmail). * * MANAGEMENT * Since the logfile produced by LogAll is a standard Unix-mailfolder, * the logged mails can be managed with every Unix mail-reader or MUA. * The mails inside the log can be deleted, remailed, read with any * mail user agent. If the logfile is the standard mail folder of a * special "LogAll-user" this is especially easy and even "mail" can * or a Windows-based IMAP-client can manage the logfile. * * COMPATIBILITY * LogAll is tested with sendmail-8.8.5 and sendmail-8.9.1 * under Linux 2.0.29. * * AUTHOR * Axel Reinhold - arx () hof baynet de * * LICENSE/WARRANTY * The software is provided "AS IS" without warranties of any kind, * either expressed or implied, including, but not limited to the * implied warranties of merchantability and fitness for a particular * purpose. The entire risc of the software is with you. In no event * we will be liable for any damages, including any lost profits, * lost savings or other incidental damages arising out of the use * or inability to use the software, even if we have been advised * of the possibility of such damages, or for any claim by another party. * ------------------------------------------------------------ */ int mid; /* sendmail macro id */ char *logall = NULL; /* log file path from macro LogAll */ char bfpath[512]; /* body file path */ char *hlogged = LOGALLHEADER; /* header field */ char hlogval[MAXLINE]; /* header value */ char *hlogvalp; /* header value pointer */ char qtimestr[80]; /* queued time string from asctime */ FILE *lf, *bf; /* log and body files */ ADDRESS *a; /* address structure */ HDR *h; /* header structure */ int toflag = 0; /* to header flag */ int fromflag = 0; /* from header flag */ long bfpos; /* remember file pos */ size_t b_read; /* bytes read counter */ unsigned char b_buf[512]; /* buffer for read/write body */ mid = macid("{LogAll}", NULL); /* get our config macro */ logall = macvalue(mid, e); /* to check whether and where to log*/ /* Use logging if macro is set and we can open the logfile */ if ((logall!=NULL) && ((lf = fopen(logall, "a"))!=NULL)) { if (tTd(49, 1)) /* debug use of logging */ printf("checkcompat: LogAll=%s e_id=%s\n", logall, e->e_id); /* construct the "X-Logged" header field */ strcpy(qtimestr, asctime(localtime(&e->e_ctime))); /* get time */ if (qtimestr[strlen(qtimestr)-1]=='\n') /* remove trailing */ qtimestr[strlen(qtimestr)-1]='\0'; /* line-feed asctime*/ sprintf(hlogval, "Logged by %s as %s at %s", MyHostName, e->e_id, qtimestr); /* our header field */ /* add the header if it doesn't already exist */ hlogvalp = hvalue(hlogged, e->e_header); /* get actual field */ if (hlogvalp==NULL) addheader(hlogged, hlogval, &e->e_header); /* Log the message if our header didn't exist or was not from us*/ if ((hlogvalp==NULL) || (strcmp(hlogvalp, hlogval)!=0)) { /* lock the logfile exclusive */ if (lockfile(fileno(lf), logall, NULL, LOCK_EX)) ; fseek(lf, 0, SEEK_END); /* go the eof for appending message */ /* syslog the usage of LogAll */ if (LogLevel >= LOGALLLEVEL) sm_syslog(LOG_INFO, e->e_id, "LogAll to %s at %s", logall, qtimestr); /* print the Unix From line to separate messages in log file*/ fprintf(lf, "From %s %s\n", e->e_from.q_user, qtimestr); /* scan all headers */ for (h = e->e_header; h != NULL; h = h->h_link) { /* check if our header is from us and recent */ /* if not change the field value to our field */ if (strcasecmp(h->h_field, hlogged)==0) { if (hlogvalp!=NULL) { h->h_value = realloc(h->h_value, strlen(hlogval)+1); strcpy(h->h_value, hlogval); } h->h_flags &= ~H_DEFAULT; /* set flag */ } /* log the header if appropiate */ if ((h->h_value!=NULL) && ((h->h_flags & H_RESENT)==0)) { fprintf(lf, "%s: %s\n", h->h_field, h->h_value); } if (h->h_flags & H_RCPT) toflag = 1; /* to-header*/ } if (!toflag) { /* if no to-header construct from envelope */ fprintf(lf, "To:"); for (a = e->e_sendqueue; a != NULL; a = a->q_next) fprintf(lf, " %s", a->q_paddr); fprintf(lf, "\n"); } fprintf(lf, "\n"); /* separate headers from body */ /* now add the body from temp file or queued data file */ sprintf(bfpath, "%s/df%s", QueueDir, e->e_id); /* body file */ if (e->e_dfp != NULL) { /* if body temp file is open use it */ bfpos = ftell(e->e_dfp);/* remember old position */ rewind(e->e_dfp); /* read from beginning */ while ((b_read = fread(b_buf, 1L, sizeof(b_buf), e->e_dfp)) != 0) fwrite(b_buf, 1L, b_read, lf); fseek(e->e_dfp, bfpos, SEEK_SET); /* set old pos */ } else if ((bf = fopen(bfpath, "r")) != NULL) { /* body file */ while ((b_read = fread(b_buf, 1, sizeof(b_buf), bf)) != 0) fwrite(b_buf, 1, b_read, lf); fclose(bf); } else { /* no body could be opened */ if (tTd(49, 1)) printf("checkcompat: fopen(%s) failed\n", bfpath); } fprintf(lf, "\n"); if (lockfile(fileno(lf), logall, NULL, LOCK_UN)) ; /* unlock*/ } fclose(lf); } /* ------------------------------------------------------------ * LogAll End * ------------------------------------------------------------ */ }
Current thread:
- [PEN-TEST] Hardware Penetration -- A Discovery Involving Gate Access Security Systems Ben Lull (Aug 28)
- [PEN-TEST] Sendmail: Keeping a copy of relayed email David Taylor (Aug 29)
- Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email DmuZ (Aug 29)
- Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Edward Mitchell (Aug 29)
- Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Marco (Aug 29)
- Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Fyodor (Aug 29)
- Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email José M. Fandiño (Aug 30)
- Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Glynn Clements (Aug 31)
- [PEN-TEST] Sendmail: Keeping a copy of relayed email David Taylor (Aug 29)