OT: Linux question

Fairlight fairlite at fairlite.com
Tue Jun 14 12:18:12 PDT 2011


Confusious (Bob Thomason) say:

> Since some of you on this list are linux gurus, I'm posting the following
> request.
>
> I have a client who is running a linux firewall and email is passing thru
> to a backend email server (btw I support the fw server).  Email server is
> Lotus Notes.....I think.  So the firewall is not logging email traffic
> except for outgoing (port 25).
>
> The problem is that my client has over 100 machines on their
> lan.......some in remote locations ....and they have had a problem(s)
> with virus/malware issues on one or more machines.
>
> What we are looking for is a way to track email traffic that will allow
> us to identify traffic to a machine that may be suspicious.
>
> The logs from the internal email server are not sufficient.
>
> Any suggestions?

You don't say -exactly- what information you want to track that is not
sufficient in the mail logs.

What -do- you want to grab from each message?

Are you purely using the linux box as a firewall, or are you using sendmail
or another MTA as a relay to the Lotus Notes machine?

mark->
-- 
Audio panton, cogito singularis.

