[nylug-talk] Am I Spamming?

Judd Maltin nylugjudd at maltin.org
Thu Jun 7 09:24:33 EDT 2007


Hi folks,

I woke up this morning to a LOT of bounced email messages in my inbox.  All
spam.  The headers included in the bounce indicate that the original
message came from my IP address, yet I don't see anything matching in my
postfix logs.  My postfix is NOT a relay.

So I figure there's some other application, likely a PHP app or something,
that's been hijacked to send out spam.  I'd like to monitor the situation
before doing anything.  I'm going about it by using iptraf to monitor
connections from my only external interface to 0.0.0.0:25.

However, iptraf does not correlate connections to processes.  What other
tools would you folks use to find out what processes are using which ports
for the short period of time required to send an email?  That is, other
than leaving tcpdump on and culling through the results.

Thanks,
Judd
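
One way to correlate short-lived outbound SMTP connections with the process that opened them, as an added example that is not part of the original post: poll `/proc/net/tcp` for sockets whose remote port is 25 and resolve each socket inode through `/proc/<pid>/fd`. It assumes a little-endian Linux host and root privileges; the function names and the sample rows are constructed for illustration.

```python
#!/usr/bin/env python3
# Added example: log which local process opens connections to remote TCP port 25 (Linux, run as root).
import glob, os, re, socket, struct, time

# Constructed sample in /proc/net/tcp format (little-endian host): an SMTP listener, then one outbound SMTP socket.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A00A8C0:C350 0A0200C0:0019 01 00000000:00000000 00:00000000 00000000    33        0 22222 1 0000000000000000 20 4 30 10 -1
"""

def _addr(hexpair):
    # "0A0200C0:0019" -> "192.0.2.10:25"; assumes a little-endian host such as x86
    ip, port = hexpair.split(":")
    return f"{socket.inet_ntoa(struct.pack('<I', int(ip, 16)))}:{int(port, 16)}"

def parse_proc_net_tcp(text, port=25):
    """Return (local, remote, uid, inode) for IPv4 sockets whose REMOTE port is `port`."""
    hits = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) >= 10 and int(f[2].split(":")[1], 16) == port:
            hits.append((_addr(f[1]), _addr(f[2]), int(f[7]), int(f[9])))
    return hits

def inode_owners(inodes):
    """Map socket inode -> (pid, cmdline) by reading the /proc/<pid>/fd symlinks."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if m and int(m.group(1)) in inodes:
                pid = int(fd.split("/")[2])
                with open(f"/proc/{pid}/cmdline", "rb") as fh:
                    owners[int(m.group(1))] = (pid, fh.read().replace(b"\0", b" ").decode(errors="replace").strip())
        except OSError:
            continue                            # process or descriptor already gone
    return owners

def watch(interval=0.2):
    seen = set()
    while True:
        with open("/proc/net/tcp") as fh:       # IPv6 sockets are in /proc/net/tcp6 (not handled here)
            new = [h for h in parse_proc_net_tcp(fh.read()) if h[3] and h[3] not in seen]
        owners = inode_owners({h[3] for h in new}) if new else {}
        for local, remote, uid, inode in new:   # inode 0 (e.g. TIME_WAIT) was skipped above
            seen.add(inode)
            print(time.strftime("%Y-%m-%d %H:%M:%S"), local, "->", remote, "uid", uid, owners.get(inode, "owner not found"))
        time.sleep(interval)

if __name__ == "__main__":
    watch()
```

If a connection closes before the `/proc/<pid>/fd` scan reaches it, the uid column from the same `/proc/net/tcp` row still narrows the sender to one account.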


