[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Mail Control



Hi !

> The server's eth0 points to LAN, eth1 points to ADSL Modem .. They
> have no access directly to internet.. all the connection passes
> through the Suse server.
> One of the PC is sending mail,  and I want to count how many e-mail
> that PC sending out at what time, and to whom, and if possible I want
> to check/see the content of the e-mails.
>
--> you could run "tcpdump" on the SuSE server. A command like
 tcpdump -U -w buffer.dat -i eth0 src <IP_of_sending_PC> and port 25

would write all STMP (port 25) traffic from one specific IP to a file. 
If you parse this file, you see at least sender (From), receiver (To) 
and the time of the email. The email content must be there as well but 
it is coded in some way.

HTH,
Armin


-- 
Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here