Contributor
June 7, 2008
Question

How To Sniff SMTP Traffic Correctly

  • June 7, 2008
  • 3 replies
  • 5024 views
I want to use the command "diag sniffer packet internal" to find out which computer is sending SPAM to the internet through my FG unit's public IP. How can I do that? I need to find which PC is sending spam because my ISP reports that my IP address is on an abuse list. Maybe it is some kind of virus, but my antivirus says that everything is fine. We do not have an internal SMTP server. Thanks in advance,


    red_adair
    New Member
    June 9, 2008
    #diag sniff pack internal 'tcp and port 25 and not host <ip-of-your-ext-mail-server>' so you sniff for all SMTP traffic except traffic to/from your external SMTP mail server. As an immediate action - why do you not refuse SMTP except to your external SMTP server?
    rwpatterson
    New Member
    June 9, 2008
    If you look through the dashboard 'Statistics > Sessions > Details' and filter on destination port 25, you'll see all traffic going out to SMTP servers. The source should be very clear there. Good luck
    John_Stoker
    Explorer
    June 9, 2008
    If you do deny all SMTP outbound minus your mail server, then you can reference your traffic logs (if "log traffic" is enabled in the policy) to see what IPs are getting blocked for mail. Many ways to find this out, but best practice would be to block SMTP outbound except where absolutely needed. Best of luck
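John_Stoker's approach, turned into a small script as an added example (not from the thread or from Fortinet): it parses FortiGate-style key=value traffic log lines, keeps only denied TCP/25 sessions to anything other than the permitted external mail server, and ranks internal sources by how often they hit the deny rule. The log lines and addresses are constructed, and the field names (srcip, dstip, dstport, proto, action) follow the key=value layout assumed here.

```python
import re
from collections import Counter

# One key=value token; values may be double-quoted and contain spaces.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fortigate_log(line):
    """Split one FortiGate-style key=value log line into a dict."""
    fields = {}
    for key, raw, quoted in _KV_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields

def smtp_deny_counts(lines, mail_server):
    """Count denied TCP/25 sessions per source IP, ignoring the single
    external mail server the policy still allows."""
    counts = Counter()
    for line in lines:
        f = parse_fortigate_log(line)
        if f.get("type") != "traffic" or f.get("action") != "deny":
            continue  # only policy denies are of interest
        if f.get("proto") != "6" or f.get("dstport") != "25":
            continue  # TCP/25 only; other ports and UDP are noise here
        if f.get("dstip") == mail_server:
            continue  # legitimate relay, even when a deny is logged
        counts[f["srcip"]] += 1
    return counts

def top_talkers(lines, mail_server, n=3):
    """Most frequent sources of blocked outbound SMTP, highest first."""
    return smtp_deny_counts(lines, mail_server).most_common(n)

# Constructed sample lines (hypothetical hosts, not from the thread);
# 198.51.100.10 stands for the permitted external mail server.
SAMPLE_LOGS = [
    'date=2008-06-10 time=09:12:01 type=traffic action=deny srcip=192.168.1.57 '
    'dstip=203.0.113.25 dstport=25 proto=6 msg="Denied by policy"',
    'date=2008-06-10 time=09:12:03 type=traffic action=deny srcip=192.168.1.57 '
    'dstip=203.0.113.77 dstport=25 proto=6 msg="Denied by policy"',
    'date=2008-06-10 time=09:12:04 type=traffic action=accept srcip=192.168.1.57 '
    'dstip=198.51.100.10 dstport=25 proto=6 msg="Allowed to mail server"',
    'date=2008-06-10 time=09:12:09 type=traffic action=deny srcip=192.168.1.23 '
    'dstip=203.0.113.25 dstport=25 proto=6 msg="Denied by policy"',
    'date=2008-06-10 time=09:12:11 type=traffic action=deny srcip=192.168.1.57 '
    'dstip=198.51.100.10 dstport=25 proto=6 msg="Denied by policy"',
    'date=2008-06-10 time=09:12:20 type=traffic action=deny srcip=192.168.1.57 '
    'dstip=203.0.113.25 dstport=25 proto=17 msg="Denied by policy"',
    'date=2008-06-10 time=09:12:31 type=traffic action=deny srcip=192.168.1.57 '
    'dstip=203.0.113.25 dstport=25 proto=6 msg="Denied by policy"',
]
```

Running `top_talkers(SAMPLE_LOGS, "198.51.100.10")` on the sample puts 192.168.1.57 first with three blocked attempts, which is the host to pull off the network and scan.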
    Contributor
    June 10, 2008
    Hi... I blocked SMTP outbound traffic to all minus our mail server and then we checked our logs. Thanks for your support. Best Regards,