-
No, those are more client-side spam filters. I am wanting something that I can monitor for specific phrases for server-side transmitting via the SMTP server, to catch a possible rogue spammer on my network, or alternatively to determine if I'm just being spoofed.
-
Quote:
Originally posted here by croakingtoad
I use Exim.
Could you explain Pop before SMTP?
Sure.
In a nutshell, your users are only allowed to relay (send external email) if they have the username and password for a valid account on the system.
Since most email clients will log in via POP/IMAP first before the SMTP server is hit, you can force login creds to be sent prior to allowing email to be sent through your server.
Many relay control tools use SMTP authentication, which is okay, and others use IP addresses to control mail relaying, which is easier to circumvent.
Although you don't have a relay problem per se, you might be able to use the logging to determine who might be spamming, if in fact they are.
In your case, google for "exim pop before smtp".
SGS
-
I don't know how you have set up the machine, but I suggest you have a look at procmail.
You might be able to configure it such that it does what you want.
/edit: oops, already suggested, cheers to ss2chef :D
-
My apologies. I didn't even notice that the thread is in *nix discussions and here I am tossing Windows-based solutions at you. I'm currently checking out some *nix alternatives for monitoring SMTP traffic. I'll see what I can find for you. One other thing: a good step in finding out if you have a rogue spammer vs. being spoofed is checking the expanded headers of the emails in question. It's not 100% foolproof (because Received: fields can be spoofed as well). For the most part, I was able to accurately determine that malicious email originated outside my network just by checking the originating Received: fields.
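
The Received: check described in the post above, as an added example that is not part of the original thread: it reads only the top-most Received: line stamped by your own mail server and reports whether the connecting peer was inside or outside your network. The host name `mail.example.org`, the `10.0.0.0/8` range and the three sample messages are constructed assumptions.

```python
import email
import ipaddress
import re

BY_RE = re.compile(r"(?:^|\s)by\s+([^\s;]+)", re.I)      # host that stamped the header
PEER_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # connecting peer's IP

def classify_origin(raw, our_mta, internal_nets):
    """Return (verdict, peer_ip) from the top-most Received: line stamped by our_mta."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    # Received: lines are prepended, so the first match is the newest stamp by our
    # server; anything below it was supplied by the sender and may be forged.
    for hdr in email.message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() != our_mta.lower():
            continue
        peer = PEER_RE.search(hdr[:by.start()])
        try:
            ip = ipaddress.ip_address(peer.group(1)) if peer else None
        except ValueError:
            ip = None
        if ip is None:
            return ("unknown", None)
        inside = any(ip in net for net in nets)
        return ("internal" if inside else "external", str(ip))
    return ("not-via-our-server", None)

# Constructed sample headers (documentation addresses, hypothetical hosts).
TAIL = "From: someone@example.org\nSubject: sample\n\nbody\n"
STAMP = " with esmtp; Mon, 1 Jan 2024 10:00:00 +0000\n"
# Sent by an internal workstation through our server to an outside recipient.
ROGUE = ("Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
         "\tby mx.recipient.example" + STAMP +
         "Received: from ws42 ([10.0.3.42])\n\tby mail.example.org" + STAMP + TAIL)
# Our domain in HELO and From:, but our server never handled the message.
SPOOFED = ("Received: from unknown (HELO mail.example.org) ([203.0.113.9])\n"
           "\tby mx.recipient.example" + STAMP + TAIL)
# External sender that pre-inserted a fake "internal" hop below the real stamp.
FORGED = ("Received: from relay.invalid ([203.0.113.9])\n\tby mail.example.org" + STAMP +
          "Received: from ws1 ([10.0.0.5])\n\tby mail.example.org" + STAMP + TAIL)

if __name__ == "__main__":
    for name, raw in (("rogue", ROGUE), ("spoofed", SPOOFED), ("forged", FORGED)):
        print(name, classify_origin(raw, "mail.example.org", ["10.0.0.0/8"]))
```

An "internal" verdict on a message that was delivered to someone else's server should still be matched against your own mail log, since a stamp naming your host can itself be forged.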