This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reporting Outbound Port

Hi all,

Is there a way to report a list of IP addresses that are going out on a specific port? We're having an issue with SPAM and ideally need to see what IP addresses are sending out on port 25 on one of our external IP addresses. Looking through the logging and reporting I can't seem to find a way to do this.

Thanks

This thread was automatically locked due to age.

0 BAlfson over 11 years ago

Hi, Plaice, and welcome to the User BB!

On the 'Bandwidth Usage' tab of 'Logging & Reporting >> Network Usage', select "Top Servers by Service" using "SMTP" and you should see a list. Do you have a subscription for Mail Protection?

Cheers - Bob
PS When posting a question, please always state the exact version - 9.106-17?
Cancel
Vote Up 0 Vote Down

Cancel
0 Plaice over 11 years ago in reply to BAlfson

Ni Bob,

Thanks for that. Found the right area.

No we don't have a subscription to Mail Protection.

Will be going through logs now to try and find the offending user as the only IPs I can see are valid Exchange servers.

One quick question, is there any way to filter the list for a specific IP? We have a range of external IP addresses and I'm only really concerned with looking at one of them and the view is showing inbound connections where we only really need to see what is going out.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 11 years ago

Hi, try tcpdump or iftop on the console.

e.g.
tcpdump -i eth1 port 25

assuming eth1 is your INTERNAL interface.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Did you try "Top Servers by Service" with SMTP?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel