[nylug-talk] Am I Spamming?

Peter C. Norton spacey-nylug at lenin.net
Thu Jun 7 10:42:27 EDT 2007


On Thu, Jun 07, 2007 at 09:24:33AM -0400, Judd Maltin wrote:
> Hi folks,
> 
> I woke up this morning to a LOT of bounced email messages in my inbox.  All
> spam.  The headers included in the bounce indicate that the original
> message came from my IP address, yet I don't see anything matching in my
> postfix logs.  My postfix is NOT a relay.
> 
> So I figure there's some other application, likely a PHP app or something,
> that's been hijacked to send out spam.  I'd like to monitor the situation
> before doing anything.  I'm going about it by using iptraf to monitor
> connections from my only external interface to 0.0.0.0:25.
> 
> However, iptraf does not correlate connections to processes.  What other
> tools would you folks use to find out what processes are using which ports
> for the short period of time required to send an email?  That is, other
> than leaving tcpdump on and culling through the results.

Ntop is good for this specific application. http://www.ntop.org/overview.html

-Peter

-- 
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.
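
The correlation asked about in the quoted question, tying outbound port-25 connections to the process that owns them, can be read from /proc on Linux. This is an added example, not part of the original message or of any tool named in the thread; it assumes IPv4 (/proc/net/tcp) on a little-endian host, and the sample table, addresses and uid are constructed.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not data from the original thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0500000A:C350 0A0200C0:0019 01 00000000:00000000 00:00000000 00000000    33        0 22222 1
   2: 0500000A:C351 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000    33        0 33333 1
"""

def _addr(hexpair):
    # Address is a native-endian u32 in hex (little-endian host assumed); port is plain hex.
    ip, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16)

def smtp_clients(proc_net_tcp, port=25):
    """Return sockets whose REMOTE port is `port` (outbound mail, not the local listener)."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and _addr(f[2])[1] == port:
            found.append({"local": _addr(f[1]), "remote": _addr(f[2]),
                          "uid": int(f[7]), "inode": f[9]})
    return found

def inode_owners(inodes, proc="/proc"):
    """Map socket inode -> [(pid, cmdline)] by reading /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            fds = os.listdir(os.path.join(proc, pid, "fd"))
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:  # process exited, or not running as root
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(proc, pid, "fd", fd))
            except OSError:  # fd closed between listdir and readlink
                continue
            if target.startswith("socket:[") and target[8:-1] in inodes:
                owners.setdefault(target[8:-1], []).append((int(pid), cmd))
    return owners

if __name__ == "__main__":  # live run on a Linux host, as root
    conns = smtp_clients(open("/proc/net/tcp").read())
    owners = inode_owners({c["inode"] for c in conns})
    print([(c["remote"], c["uid"], owners.get(c["inode"])) for c in conns])
```

Polled as root in a loop, this sees connections only while they are open; the uid column in each row names the account that opened the socket even when the process lookup loses the race.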


