Monitor SMTP Traffic - Page 2

Thread: Monitor SMTP Traffic

  1. #11 - Junior Member (joined Jul 2004, 11 posts)
    No, those are more client-side spam filters, I am wanting something that I can monitor for specific phrases for server-side transmitting via the SMTP server to catch a possible rogue spammer on my network, or alternatively to determine if I'm just being spoofed.

  2. #12 - Senior Member, Colorado (joined Mar 2004, 421 posts)
    Originally posted by croakingtoad:
        I use Exim.

        Could you explain Pop before SMTP?

    Sure.

    In a nutshell, your users are only allowed to relay (send external email) if they have
    the username and password for a valid account on the system.

    Since most email clients will log in via POP/IMAP first before the SMTP server is hit, you can
    force login creds to be sent prior to allowing email to be sent through your server.

    Many relay control tools use either SMTP authentication, which is okay, and others use
    IP addresses to control mail relaying, which is easier to circumvent.

    Although you don't have a relay problem per se, you might be able to use the logging to
    determine who might be spamming if in fact they are.

    In your case, google for "exim pop before smtp"

    SGS

  3. #13 - Senior Member (joined Mar 2004, 557 posts)
    I don't know how you have set up the machine, but I
    suggest you have a look at procmail.
    You might be able to configure it such that it does what
    you want.

    /edit: oops, already suggested, cheers to ss2chef
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  4. #14 - ShagDevil, "Some Assembly Required", New Jersey (joined Nov 2002, 718 posts)
    My apologies. I didn't even notice that the thread is in *nix discussions and here I am tossing Windows-based solutions at you. I'm currently checking out some *nix alternatives for monitoring SMTP traffic. I'll see what I can find for you. One other thing, a good step in finding out if you have a rogue spammer vs. being spoofed is checking the expanded headers of the emails in question. It's not 100% foolproof (because Received: fields can be spoofed as well). For the most part, I was able to accurately determine that malicious email originated outside my network just by checking the originating Received: fields.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
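The header check described in #14, as an added example that is not from the thread: a small Python checker that walks the Received: chain newest-first, trusts a hop only while it was stamped by a relay you operate (the relay hostnames, LAN ranges and sample headers below are assumptions), and reports whether the message entered your infrastructure from inside or outside the network. Lines below the last trusted hop are exactly the ones a sender can forge, so they are counted but not believed.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions, not from the thread: the relays we operate and our LAN ranges.
OUR_RELAYS = {"mx.example.com"}
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("10.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def parse_received(value):
    """Extract the connecting IP and the stamping host from one Received: line."""
    ip_m, by_m = IP_RE.search(value), BY_RE.search(value)
    return (ip_m.group(1) if ip_m else None,
            by_m.group(1).lower() if by_m else None)

def classify_origin(raw_message):
    """Walk Received: lines top-down (newest first). A hop is trusted only while
    it was stamped by one of our relays; the 'from' IP of the last trusted hop
    is where the mail entered our infrastructure. Anything below is hearsay."""
    hops = [parse_received(v) for v in
            message_from_string(raw_message).get_all("Received", [])]
    handoff, trusted = None, 0
    for from_ip, by_host in hops:
        if by_host not in OUR_RELAYS:
            break
        trusted += 1
        handoff = from_ip or handoff
    if handoff is None:
        return {"verdict": "unknown", "handoff_ip": None, "untrusted_hops": len(hops)}
    inside = any(ipaddress.ip_address(handoff) in n for n in INTERNAL_NETS)
    return {"verdict": "internal" if inside else "external",
            "handoff_ip": handoff, "untrusted_hops": len(hops) - trusted}

# Constructed sample: our MX accepted the mail from an outside host; the lower
# Received: line claiming a LAN origin was not stamped by us, so it is ignored.
SPOOFED = """Received: from somewhere.invalid ([203.0.113.45])
\tby mx.example.com (Exim) id 1A2b3C; Mon, 5 Jul 2004 10:00:00 -0600
Received: from pc17.corp.example.com ([192.168.1.17])
\tby somewhere.invalid with SMTP; Mon, 5 Jul 2004 09:59:00 -0600"""

# Constructed sample: a LAN workstation handed the mail straight to our MX,
# which is the pattern a rogue spammer on the network would produce.
INTERNAL = """Received: from pc17.corp.example.com ([192.168.1.17])
\tby mx.example.com (Exim) id 1A2b3D; Mon, 5 Jul 2004 10:05:00 -0600"""
```

Run `classify_origin` over the raw headers of a suspect message; an "internal" verdict points at a host on your LAN worth checking, while "external" with a non-zero untrusted hop count is the spoofing case #14 describes.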
