Printable View
I have a server that I think is being spoofed, but my NOC seems to think the spammer is on my box. Is there a way I can scan outgoing messages for specific keywords related to the content of the email body? This guy sends the same email every time, so one or two keywords should do it.
If anyone knows of a better way, I crave the knowledge.
Thanks!
what mail client are you using?
Exim
Have you looked at MailScanner?
no i hadn't, i was considering ethereal but wasn't sure..
If using Exim, I presume some sort of *NIX as your NOS.
Why not use procmail to copy outgoing messages to a temp file or mailbox for a while to see.
If your mail server is busy you will need to keep disk space in mind as the file can grow quickly.
Make sure your policies allow you to redirect a copy of outgoing messages for review.
SGS
Do you know a good tutorial for procmail to do what I need? I've searched google and the procmail site, but since i'm not much of a programmer i'm not really sure what I need it to do other than search for keywords in outgoing mail...
Ask them for proof. That way you too can verify it.Quote:
Originally posted here by croakingtoad
I have a server that I think is being spoofed, but my NOC seems to think the spammer is on my box.
You're running Exim as an MTA? So your port 25 is open to the world?Quote:
Is there a way I can scan outgoing messages for specific keywords related to the content of the email body? This guy sends the same email every time, so one or two keywords should do it.
Are you sure you're not an open relay? Check and double check to make sure you aren't.
No, according to the NOC Exim is setup not to open relay. I had run an open relay check a while back as well, and it returned negative results so I don't think that's it..