Archive for the tag 'SMTP'

Tcpdump to monitor SMTP activity from an IP or a range of IPs

tcpdump is a useful utility for monitoring network activity on the server.

tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump 'src 192.168.1.22 or dst 192.168.1.22'

You can monitor SMTP activity to find out which mail account a spammer is using.
The above command captures traffic to and from the IP address 192.168.1.22, SMTP sessions included, and writes it to the file smtp.tcpdump.

Use the following command to monitor a range of IPs:

tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump 'src net 119.91.0.0/16 or dst net 119.91.0.0/16'

The above command monitors the range of IPs starting with 119.91. You can use Wireshark to analyze the dump file.

On a VPS you need to use venet0:0 as the interface.

tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ]
[ -E spi@ipaddr algo:secret,... ]
[ -y datalinktype ] [ -Z user ]
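
As an added example (not part of the original post), the Python code below reads a capture file such as smtp.tcpdump and counts SMTP envelope senders (MAIL FROM) per client IP, which is the step that points to the account a spammer is using. It assumes a classic pcap file, unencrypted SMTP and no TCP reassembly; the function names and the sample capture are constructed for illustration.

```python
import re
import struct
from collections import Counter

LINK_HDR = {1: 14, 113: 16}  # link-layer header length: Ethernet, Linux cooked (SLL)
MAIL_FROM = re.compile(rb"^MAIL FROM:\s*<([^>\r\n]*)>", re.I | re.M)

def smtp_senders(pcap: bytes) -> Counter:
    """Count (client IP, envelope sender) pairs seen in a classic pcap file."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    l2 = LINK_HDR.get(struct.unpack(order + "I", pcap[20:24])[0])
    if l2 is None:
        raise ValueError("unsupported link type")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl]  # may be truncated by -s snaplen
        off += 16 + incl
        ip = pkt[l2:]
        if pkt[l2 - 2:l2] != b"\x08\x00" or len(ip) < 20 or ip[9] != 6:
            continue  # keep IPv4/TCP only
        tcp = ip[(ip[0] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        src = ".".join(map(str, ip[12:16]))
        for m in MAIL_FROM.finditer(payload):
            seen[(src, m.group(1).decode("latin-1").lower())] += 1
    return seen

def sample_pcap() -> bytes:
    """Constructed capture: three SMTP client packets from 192.168.1.22."""
    def record(data: bytes) -> bytes:
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         bytes([192, 168, 1, 22]), bytes([10, 0, 0, 5]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 25, 0, 0, 0x50, 0x18, 1024, 0, 0)
        pkt = eth + ip + tcp + data
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 2048, 1)
    return (header + record(b"MAIL FROM:<bulk@example.com>\r\n") * 2
            + record(b"RCPT TO:<someone@example.net>\r\n"))

if __name__ == "__main__":
    for (ip, sender), n in smtp_senders(sample_pcap()).most_common():
        print(f"{ip}  {sender}  {n}")
```

To run it on a real capture, pass the bytes of the file written by -w, for example smtp_senders(open("smtp.tcpdump", "rb").read()).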

Enable Alternate Port other than 25 or 587 (via SSH) in Plesk

Make a copy of /etc/xinetd.d/smtp_psa. For this walkthrough the new filename created is smtp_nonstandard. A command like this should work:

cp /etc/xinetd.d/smtp_psa /etc/xinetd.d/smtp_nonstandard

Add these lines to the copy you just made:

vi /etc/xinetd.d/smtp_nonstandard

type = UNLISTED
port = 2525

and change the service name to match the name of the file. A sample smtp_nonstandard looks like this:

service smtp_nonstandard
{
        # UNLISTED: the service name is not in /etc/services, so the port is set here
        type            = UNLISTED
        socket_type     = stream
        protocol        = tcp
        port            = 2525
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        server          = /var/qmail/bin/tcp-env
        server_args     = -Rt0 /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Restart xinetd:

/etc/init.d/xinetd restart

You should now be able to send mail through your server on port 2525. You may pick a different port if you use this method. We suggest choosing a high port number to avoid using commonly used ports on the internet.

Change SMTP source IP address in sendmail

1. Edit sendmail.cf and search for ClientPortOptions

2. Change

#O ClientPortOptions=Family=inet, Address=x.x.x.x

to

O ClientPortOptions=Family=inet, Address=

3. Restart sendmail

4. Verify by sending a mail and checking the full header

CLIENT_OPTIONS(`field1=value1,field2=value2,...') in the sendmail.mc file is equivalent to ClientPortOptions in the sendmail.cf file.

SBDavid

How to change SMTP port in postfix

The default SMTP port is 25. In Postfix we can change it to some other port (say 6000) using the following steps.

Open the file master.cf.

$ vi /etc/postfix/master.cf

Add the following line to the file.

6000 inet n - n - - smtpd

Restart postfix.

$ /etc/init.d/postfix restart

You can check the connection to the new port using telnet. Also make sure that the new port is not blocked in the server firewall.