Hello, I have a question, and I do not know if this is the right mailing list. I have a LAN of 10 Win98 PCs and 1 SuSE Squid, Samba, masquerading (iptables) and gateway server. The server's eth0 points to the LAN, eth1 points to the ADSL modem. They have no direct access to the internet; all connections pass through the SuSE server. One of the PCs is sending mail, and I want to count how many e-mails that PC is sending out, at what time, and to whom, and if possible I want to check/see the content of the e-mails. Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails. Anyway, is there a way to solve my problem? I can check the packets, but I want to see what the PC is sending out..

Cheers ARiF
On Thu, 05 May 2005, ARiF made the net somewhat safer by saying:
> Hello, I have a question, and I do not know if this is the right mailing list. I have a LAN of 10 Win98 PCs and 1 SuSE Squid, Samba, masquerading (iptables) and gateway server. The server's eth0 points to the LAN, eth1 points to the ADSL modem. They have no direct access to the internet; all connections pass through the SuSE server. One of the PCs is sending mail, and I want to count how many e-mails that PC is sending out, at what time, and to whom, and if possible I want to check/see the content of the e-mails. Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails. Anyway, is there a way to solve my problem? I can check the packets, but I want to see what the PC is sending out..
Setup Postfix on the gateway and start parsing its logfile. There's a great maillog parser for Postfix, pflogsumm.pl, that does (almost) exactly what you want (without the content checking). Having Postfix on the gateway also serves in virus checking (much better to do it there than on a (Windows) client) and spam filtering. I have no idea why you even have to ask for such obvious advice.

Theo
-- 
Theo v. Werkhoven, Registered Linux user# 99872 http://counter.li.org, ICBM 52 13 26N, 4 29 47E. ICQ: 277217131, SUSE 9.2, Jabber: muadib@jabber.xs4all.nl, Kernel 2.6.8. See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.
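Theo's suggestion in practice, as an added example that is not part of the thread and not pflogsumm.pl itself: a small Python script that does the part of pflogsumm's job the question asks for. Postfix writes one syslog line per event, so the script correlates lines by queue id (smtpd's `client=` line gives the LAN host, qmgr's `from=` line the envelope sender, the delivery agent's `to=` lines each recipient and its status) and then lists every message from a chosen client IP with its time, sender, recipients and delivery status. The log lines below are constructed sample data in the classic Postfix syslog layout; the hostnames, addresses and queue ids are invented.

```python
import re
from collections import defaultdict

# Constructed sample of a Postfix maillog (not a real log): three messages, two of them
# submitted by the LAN host 192.168.1.17, one with two recipients and one that bounced.
SAMPLE_LOG = """\
May  5 13:35:01 gw postfix/smtpd[2101]: 7A1B2C3D4E: client=pc7.lan[192.168.1.17]
May  5 13:35:01 gw postfix/cleanup[2102]: 7A1B2C3D4E: message-id=<20050505133501.7A1B@pc7.lan>
May  5 13:35:01 gw postfix/qmgr[1987]: 7A1B2C3D4E: from=<arif@example.com>, size=2310, nrcpt=2 (queue active)
May  5 13:35:02 gw postfix/smtp[2103]: 7A1B2C3D4E: to=<alice@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1, status=sent (250 Ok)
May  5 13:35:02 gw postfix/smtp[2103]: 7A1B2C3D4E: to=<bob@example.org>, relay=mx.example.org[203.0.113.9]:25, delay=1, status=sent (250 Ok)
May  5 13:35:02 gw postfix/qmgr[1987]: 7A1B2C3D4E: removed
May  5 14:02:10 gw postfix/smtpd[2150]: 9F0E1D2C3B: client=pc3.lan[192.168.1.5]
May  5 14:02:10 gw postfix/qmgr[1987]: 9F0E1D2C3B: from=<carol@example.com>, size=812, nrcpt=1 (queue active)
May  5 14:02:11 gw postfix/smtp[2151]: 9F0E1D2C3B: to=<dave@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1, status=sent (250 Ok)
May  5 14:40:33 gw postfix/smtpd[2190]: 3C2B1A0F9E: client=pc7.lan[192.168.1.17]
May  5 14:40:33 gw postfix/qmgr[1987]: 3C2B1A0F9E: from=<arif@example.com>, size=50210, nrcpt=1 (queue active)
May  5 14:40:35 gw postfix/smtp[2191]: 3C2B1A0F9E: to=<nobody@example.org>, relay=mx.example.org[203.0.113.9]:25, delay=2, status=bounced (550 No such user)
"""

# The three line types we correlate, all keyed by the hex queue id after the daemon name.
TS = r'(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)'
RE_CLIENT = re.compile(TS + r' \S+ postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): '
                      r'client=(?P<host>\S+?)\[(?P<ip>[\d.]+)\]')
RE_FROM = re.compile(TS + r' \S+ postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): '
                    r'from=<(?P<sender>[^>]*)>, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)')
RE_TO = re.compile(TS + r' \S+ postfix/(?:smtp|local|virtual)\[\d+\]: (?P<qid>[0-9A-F]+): '
                  r'to=<(?P<rcpt>[^>]*)>, .*?status=(?P<status>\w+)')


def parse_maillog(lines):
    """Correlate Postfix log lines by queue id; returns {queue_id: record}."""
    msgs = {}

    def rec(qid, ts):
        # First sight of a queue id creates the record; its timestamp is the submission time.
        return msgs.setdefault(qid, {"queue_id": qid, "time": ts, "client_ip": None,
                                     "sender": None, "size": 0, "recipients": []})

    for line in lines:
        m = RE_CLIENT.search(line)
        if m:
            rec(m.group("qid"), m.group("ts"))["client_ip"] = m.group("ip")
            continue
        m = RE_FROM.search(line)
        if m:
            r = rec(m.group("qid"), m.group("ts"))
            r["sender"] = m.group("sender") or "<>"   # empty sender = bounce/null sender
            r["size"] = int(m.group("size"))
            continue
        m = RE_TO.search(line)
        if m:
            rec(m.group("qid"), m.group("ts"))["recipients"].append(
                (m.group("rcpt"), m.group("status")))
    return msgs


def per_client(msgs):
    """Group messages by the submitting LAN host: {client_ip: [records in log order]}."""
    out = defaultdict(list)
    for r in msgs.values():
        out[r["client_ip"] or "unknown"].append(r)
    return dict(out)


def report(msgs, client_ip):
    """One line per message from client_ip: time, queue id, sender, recipients with status, size."""
    lines = []
    for r in per_client(msgs).get(client_ip, []):
        rcpts = ", ".join(f"{addr} ({status})" for addr, status in r["recipients"])
        lines.append(f'{r["time"]}  {r["queue_id"]}  from={r["sender"]}  to={rcpts}  bytes={r["size"]}')
    return lines


if __name__ == "__main__":
    parsed = parse_maillog(SAMPLE_LOG.splitlines())
    for ip, records in per_client(parsed).items():
        print(f"{ip}: {len(records)} message(s)")
    print("\n".join(report(parsed, "192.168.1.17")))
```

Against a real installation you would feed it `/var/log/mail` (or wherever SuSE's syslog puts Postfix output) instead of the embedded sample. Note what this route gives you that packet sniffing does not: the envelope is logged even if the client later negotiates TLS to the relay, because the client talks plaintext to your own Postfix on the LAN side.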
"Theo v. Werkhoven" schrieb:
> > Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails.
> [...]
> Setup Postfix on the gateway and start parsing its logfile.
> [...]
> I have no idea why you even have to ask for such obvious advice.
As far as I see he doesn't want to setup a local mailserver. -thh
On Fri, 06 May 2005, Thomas made the net somewhat safer by saying:
> "Theo v. Werkhoven" schrieb:
> > > Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails.
> > [...]
> > Setup Postfix on the gateway and start parsing its logfile.
> > [...]
> > I have no idea why you even have to ask for such obvious advice.
> As far as I see he doesn't want to setup a local mailserver.
I didn't read that, he just said there is no MTA installed now.

Theo
Use "ethereal" to sniff the network. Apply filters in ethereal with the sender's IP-address, and port 25 (host aa.bb.cc.dd && port 25) .. my 5 cents..

On Friday 06 May 2005 14:12, Theo v. Werkhoven wrote:
> On Fri, 06 May 2005, Thomas made the net somewhat safer by saying:
> > "Theo v. Werkhoven" schrieb:
> > > > Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails.
> > > [...]
> > > Setup Postfix on the gateway and start parsing its logfile.
> > > [...]
> > > I have no idea why you even have to ask for such obvious advice.
> > As far as I see he doesn't want to setup a local mailserver.
> I didn't read that, he just said there is no MTA installed now.
Hi !
> The server's eth0 points to LAN, eth1 points to ADSL Modem .. They have no access directly to internet.. all the connection passes through the Suse server. One of the PC is sending mail, and I want to count how many e-mail that PC sending out at what time, and to whom, and if possible I want to check/see the content of the e-mails.
--> you could run "tcpdump" on the SuSE server. A command like

  tcpdump -U -w buffer.dat -i eth0 src <IP_of_sending_PC> and port 25

would write all SMTP (port 25) traffic from one specific IP to a file. If you parse this file, you see at least sender (From), receiver (To) and the time of the email. The email content must be there as well, but it is coded in some way.

HTH, Armin
-- 
Armin Schoech, Am Hasenberg 26, D-18209 Bad Doberan, Tel. ++49-(0)38203/42137, Email: schoech@iap-kborn.de, WWW: http://armins.cjb.net/
Office: Institut für Atmosphärenphysik, Schloss-Straße 6, D-18225 Kühlungsborn / GERMANY, Tel. +49-(0)38293-68-102, Fax. +49-(0)38293-68-50
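Both the tcpdump command above and the earlier ethereal suggestion (capture filter on the host and port 25) stop at a raw capture; the missing step is turning the client-to-server half of the SMTP session, as ethereal's "Follow TCP Stream" or tcpflow would reassemble it from the pcap, into a list of messages. The following Python script is an added example, not from the thread and not part of any of the tools named in it. It walks the SMTP dialogue (MAIL FROM, RCPT TO, DATA, RSET), undoes the dot-stuffing of the DATA section, separates headers from body, decodes a base64 or quoted-printable Content-Transfer-Encoding (the "coded in some way" Armin refers to), and stops at STARTTLS, after which a sniffer on the gateway sees only ciphertext. The session text is constructed sample data with invented addresses.

```python
import base64
import quopri
import re

# Constructed client->server half of one SMTP session (not a real capture): two messages,
# the first with two recipients and a dot-stuffed body line, the second base64-encoded.
SAMPLE_SESSION = """\
EHLO pc7.lan
MAIL FROM:<arif@example.com>
RCPT TO:<alice@example.net>
RCPT TO:<bob@example.org>
DATA
From: arif@example.com
To: alice@example.net
Subject: report
Date: Thu, 5 May 2005 13:35:00 +0300

body line
..dot-stuffed line
.
MAIL FROM:<arif@example.com>
RCPT TO:<carol@example.org>
DATA
Subject: second
Content-Transfer-Encoding: base64

aGVsbG8=
.
QUIT
"""

# Constructed session where the client switches to TLS: nothing after STARTTLS is readable.
SAMPLE_TLS_SESSION = "EHLO pc7.lan\nSTARTTLS\n<ciphertext follows; opaque to the sniffer>\n"

RE_MAIL = re.compile(r'^MAIL FROM:\s*<([^>]*)>', re.I)
RE_RCPT = re.compile(r'^RCPT TO:\s*<([^>]*)>', re.I)


def decode_body(body, encoding):
    """Undo the MIME transfer encoding so the body is readable; other encodings pass through."""
    enc = (encoding or "7bit").lower()
    if enc == "base64":
        return base64.b64decode(body.encode("ascii", "ignore")).decode("utf-8", "replace")
    if enc == "quoted-printable":
        return quopri.decodestring(body.encode("ascii", "ignore")).decode("utf-8", "replace")
    return body


def split_message(lines):
    """Separate RFC 822 headers (with folded continuation lines) from the body."""
    headers, last, i = {}, None, 0
    while i < len(lines) and lines[i] != "":
        line = lines[i]
        if line[:1] in " \t" and last:            # folded header continuation
            headers[last] += " " + line.strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            headers[last] = value.strip()
        i += 1
    body = "\n".join(lines[i + 1:])
    return headers, decode_body(body, headers.get("content-transfer-encoding"))


def parse_smtp_client_stream(text):
    """Return {'transactions': [...], 'tls_started': bool} for one client->server stream.
    Each transaction has the envelope sender, recipients, parsed headers and decoded body."""
    transactions, cur, in_data, data_lines, tls_started = [], None, False, [], False
    for raw in text.splitlines():
        if in_data:
            if raw == ".":                        # end of DATA section
                in_data = False
                cur["headers"], cur["body"] = split_message(data_lines)
                transactions.append(cur)
                cur, data_lines = None, []
            else:                                 # undo dot-stuffing ("..x" -> ".x")
                data_lines.append(raw[1:] if raw.startswith("..") else raw)
            continue
        cmd = raw.strip()
        m = RE_MAIL.match(cmd)
        if m:
            cur = {"sender": m.group(1) or "<>", "recipients": []}
            continue
        m = RE_RCPT.match(cmd)
        if m and cur is not None:
            cur["recipients"].append(m.group(1))
            continue
        up = cmd.upper()
        if up == "DATA" and cur is not None:
            in_data = True
        elif up == "RSET":                        # client abandoned the current envelope
            cur = None
        elif up == "STARTTLS":                    # everything after this is encrypted
            tls_started = True
            break
    return {"transactions": transactions, "tls_started": tls_started}


def summarize(session):
    """Compact (sender, recipients, subject, date) tuples for counting and reporting."""
    return [(t["sender"], tuple(t["recipients"]), t["headers"].get("subject", ""),
             t["headers"].get("date", "")) for t in session["transactions"]]


if __name__ == "__main__":
    s = parse_smtp_client_stream(SAMPLE_SESSION)
    print(f"{len(s['transactions'])} message(s), tls_started={s['tls_started']}")
    for row in summarize(s):
        print(row)
```

The `tls_started` flag is the caveat a defender needs to keep in mind: once the client negotiates STARTTLS with the remote relay, gateway-level sniffing yields only the EHLO and nothing else, and a local MTA that the clients submit to in plaintext (the Postfix-on-the-gateway route) is what still records the envelope.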
The Thursday 2005-05-05 at 13:35 +0300, ARiF UYSAL wrote:
> One of the PC is sending mail, and I want to count how many e-mail that PC sending out at what time, and to whom, and if possible I want to check/see the content of the e-mails. Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails.
Mmmm... I don't know of a simple way to do that... except asking the CIA for advice on how they do it. -- Cheers, Carlos Robinson
Hmmm, Carlos E. R. wrote:
> The Thursday 2005-05-05 at 13:35 +0300, ARiF UYSAL wrote:
> > One of the PC is sending mail, and I want to count how many e-mail that PC sending out at what time, and to whom, and if possible I want to check/see the content of the e-mails. Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails.
> Mmmm... I don't know of a simple way to do that... except asking the CIA
Maybe because there is no simple way ;-) SMTP was designed to work quick and simple, but since loads of engaged mail administrators do such _funny_ things called SMTP proxy blacklists, SPF .... instead of implementing CAs, it is no more simple. So please check out local mail policy, yes with the CIA, who should know about it, and ask him how to do the job.
> for advice on how they do it.
Btw. Since you want to observe a single client, you would get personalized Data. This will be against privacy policy in many cases. Again, ask the CIA.

Dirk
TRIA IT-consulting GmbH, Joseph-Wild-Straße 20, 81829 München, Germany, Tel: +49 (89) 92907-0, Fax: +49 (89) 92907-100, http://www.tria.de
Hi! On Thursday 05 May 2005 12:35, ARiF UYSAL wrote:
> ... and Gateway server.. The server's eth0 points to LAN, eth1 points to ADSL Modem .. They have no access directly to internet.. all the connection passes through the Suse server.

Since you already have a server-type machine, install something like a store-and-forward mail proxy (or simply use postfix for all the things you want to do).

> One of the PC is sending mail, and I want to count how many e-mail that PC sending out at what time, and to whom, and if possible I want to check/see the content of the e-mails. Since there is no local mail server, I can not copy/re-direct any incoming and outgoing mails. Anyways, is there a way to solve my problems. I can check the packets but I want to see what the pc is sending out..

With some tweaking of the firewall you *could* probably redirect the flow of the smtp/pop communication, but there's a *but* ... As I do not know your country of origin, there may be some laws against spying on private communications (and reading emails without informing the user PRIOR to it certainly qualifies as spying), and most certainly are. So I would advise to get some information about certain laws and THEN try to find a way to do it, if it's legal.

> Cheers ARiF
Greetings Wolfgang
-- 
Wolfgang Leithner, Pinguin-Systeme.at, Managing Director, Systems and Security, http://www.pinguin-systeme.at
GPG Key Fingerprint: 21FE FB64 BD83 8385 364A E927 BB2F F331 84FD 12A9, public key at http://www.pinguin-systeme.at/privacy/wl.asc
Registered Linux User # 388544, http://counter.li.org
participants (8)
- ARiF UYSAL
- Armin Schoech
- Carlos E. R.
- Dirk Schreiner
- Odd Arne Beck
- Theo v. Werkhoven
- Thomas Hochstein
- Wolfgang Leithner