I just started up a new instance that I built using Debian Squeeze on Amazon last night. This morning I just got an email saying that I reached a limit on the volume of email you were able to send out of SMTP port 25 on your instance.
I'm not a sysadmin by any means but I'm relatively comfortable using Linux, but I've never had this problem before. I tried searching for some MTAs installed that I know of, postfix, exim etc., and saw nothing, so I think I need to go a bit lower level and just monitor port 25 to see what's happening.
Can someone enlighten me as to some tools I can use to find out what mail activity is going on on my server? And maybe some tips on tightening things up. I don't use a mail server at all, I really only run webapps.
Many thanks.
Who needs a fancy monitor when log files do? :-) Have you read the log (probably something like /var/log/mail.log)? From there you can see if there was recently some abnormal SMTP activity. If you want to monitor the network traffic itself, then tcpdump or wireshark are good choices.
Can I suggest that before you do anything else you stop that MTA.
If you've received a "You've sent too much mail" warning, and as far as you're concerned you haven't sent any, then one of two things is happening: Amazon are logging incorrectly, or you have an open relay, and my money is on the latter more than the former.
iptraf will also let you monitor live traffic
apt-get install iptraf
However I agree with the previous posts - and you would be smart to check the system logs first.
Have you also checked to verify your mail server is not an open relay? Might be best to do so...
There are free tools to do this - http://www.checkor.com/ is one. If it is an open relay then the problem most likely is that the system needs to be locked down.
If it is not - then you may have a script doing something it should not...
Check that first - and then let us know - the community is here to help
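For the case raised above where no MTA is installed and a script may be sending mail directly, the following added example (not part of any post in this thread) lists sockets connected to remote port 25 and the process that owns each one. It assumes a Linux /proc filesystem, IPv4 only (/proc/net/tcp6 is not read) and a little-endian host; the function names and the sample table are constructed for illustration.

```python
import glob, os, socket, struct

# Constructed sample in /proc/net/tcp format (not taken from the thread).
# Remote addresses are documentation IPs; uid 33 is www-data on Debian.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 8123 1
   1: 0F02000A:C350 0A7100CB:0019 01 00000000:00000000 00:00000000 00000000    33        0 9456 1
   2: 0F02000A:C351 076433C6:0019 02 00000001:00000000 01:00000064 00000000    33        0 9457 1
   3: 0F02000A:C352 0A7100CB:0050 01 00000000:00000000 00:00000000 00000000    33        0 9458 1
"""
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT"}

def smtp_connections(text, port=25):
    """Return (remote_ip, state, uid, inode) for each socket talking to remote `port`."""
    hits = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[2].split(":")
        if int(port_hex, 16) != port:
            continue
        # IPv4 address is a host-order hex word; "<I" assumes a little-endian host (x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        hits.append((ip, STATES.get(f[3], f[3]), int(f[7]), f[9]))
    return hits

def socket_owners(inodes):
    """Map socket inode -> (pid, command line) via /proc/<pid>/fd; run as root to see all users."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            target = os.readlink(fd)
            if target.startswith("socket:[") and target[8:-1] in inodes:
                pid = fd.split("/")[2]
                with open("/proc/%s/cmdline" % pid, "rb") as fh:
                    cmd = fh.read().replace(b"\0", b" ").decode("utf-8", "replace").strip()
                owners[target[8:-1]] = (int(pid), cmd)
        except (OSError, IOError):
            continue                              # process or fd vanished mid-scan
    return owners

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    text = open("/proc/net/tcp").read() if live else SAMPLE
    hits = smtp_connections(text)
    owners = socket_owners(set(h[3] for h in hits)) if live else {}
    for ip, state, uid, inode in hits:
        print("%-15s %-11s uid=%-5d %s" % (ip, state, uid, owners.get(inode, "owner not found")))
```

Outbound SMTP connections are short-lived, so a single snapshot can miss them; run it repeatedly while the traffic is occurring. The uid column alone often narrows the source, for example to the web server account.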
I think the easiest way to get a quick look at exactly what's happening would be to utilize IPTables. How about something like: