spoofed or not?

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    11

    spoofed or not?

    I have a server that I think is being spoofed, but my NOC seems to think the spammer is on my box. Is there a way I can scan outgoing messages for specific keywords related to the content of the email body? This guy sends the same email every time, so one or two keywords should do it.

    If anyone knows of a better way, I crave the knowledge.

    Thanks!

  2. #2
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    What mail client are you using?

  3. #3
    Junior Member
    Join Date
    Jul 2004
    Posts
    11
    Exim

  4. #4
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Have you looked at MailScanner?

  5. #5
    Junior Member
    Join Date
    Jul 2004
    Posts
    11
    No, I hadn't. I was considering Ethereal but wasn't sure.

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    If using Exim, I presume some sort of *NIX as your NOS.
    Why not use procmail to copy outgoing messages to a temp file or mailbox for a while to see?
    If your mail server is busy you will need to keep disk space in mind as the file can grow quickly.
    Make sure your policies allow you to redirect a copy of outgoing messages for review.

    SGS

  7. #7
    Junior Member
    Join Date
    Jul 2004
    Posts
    11
    Do you know a good tutorial for procmail to do what I need? I've searched Google and the procmail site, but since I'm not much of a programmer I'm not really sure what I need it to do other than search for keywords in outgoing mail...

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: spoofed or not?

    Originally posted here by croakingtoad:
    "I have a server that I think is being spoofed, but my NOC seems to think the spammer is on my box."

    Ask them for proof. That way you too can verify it.

    "Is there a way I can scan outgoing messages for specific keywords related to the content of the email body? This guy sends the same email every time, so one or two keywords should do it."

    You're running Exim as an MTA? So your port 25 is open to the world?
    Are you sure you're not an open relay? Check and double check to make sure you aren't.

    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Junior Member
    Join Date
    Jul 2004
    Posts
    11
    No, according to the NOC, Exim is set up not to open relay. I had run an open relay check a while back as well, and it returned negative results, so I don't think that's it.
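
One way to run the keyword check asked about in this thread directly against Exim's queue, added here as an example and not part of any post above. It assumes the spam is still sitting in the spool's input directory when the scan runs; the message IDs, addresses and bodies in the demo are constructed.

```shell
#!/bin/sh
# Added example. Exim keeps each queued message as two spool files:
#   <id>-D  body (line 1 repeats the file name)
#   <id>-H  envelope and headers (line 2: "login uid gid" of the submitting
#           process, line 3: envelope sender in angle brackets)
# Assumption: $1 is the spool "input" directory; `exim -bP spool_directory`
# prints the spool root on a real host.

# scan_spool DIR KEYWORD [KEYWORD...]
# Prints "<id> user=<login> sender=<envelope sender>" for every queued message
# whose body contains all keywords (case-insensitive, fixed strings).
scan_spool() {
    dir=$1; shift
    find "$dir" -type f -name '*-D' | sort | while IFS= read -r body; do
        hit=1
        for kw in "$@"; do
            grep -qiF -- "$kw" "$body" || { hit=0; break; }
        done
        if [ "$hit" -eq 1 ]; then
            id=${body##*/}; id=${id%-D}
            hdr="${body%-D}-H"
            user=$(sed -n '2p' "$hdr" 2>/dev/null | cut -d' ' -f1)
            sender=$(sed -n '3p' "$hdr" 2>/dev/null)
            echo "$id user=${user:-?} sender=${sender:-?}"
        fi
    done
}

# Constructed sample spool (not real mail) so the scan can be tried offline.
make_demo_spool() {
    d=$(mktemp -d)
    printf '%s\n' '1AAAAA-000001-AA-D' 'Cheap WATCHES, limited offer!' > "$d/1AAAAA-000001-AA-D"
    printf '%s\n' '1AAAAA-000001-AA-H' 'nobody 99 99' '<promo@example.com>' > "$d/1AAAAA-000001-AA-H"
    printf '%s\n' '1AAAAA-000002-BB-D' 'Meeting moved to 3pm.' > "$d/1AAAAA-000002-BB-D"
    printf '%s\n' '1AAAAA-000002-BB-H' 'alice 1000 1000' '<alice@example.com>' > "$d/1AAAAA-000002-BB-H"
    echo "$d"
}

spool=$(make_demo_spool)
scan_spool "$spool" watches offer
rm -rf "$spool"
```

A hit whose `user=` is a local account other than the Exim user means the message was handed to Exim by a process on the box. If the spam never shows up in the queue or logs at all, that supports the spoofing theory.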
