We have an SMTP relay (just an XP box with SMTP) on our network. It's hanging around because some legacy apps used to use it to send emails from code.
It hardly gets any traffic, I can see from the SMTP log that it's only used every few days, if that.
Before I turn it off, I want to track where the emails are coming from (I can see the originating server, but I want to be able to see the SMTP header to get sender, recipient and if possible the body.)
How can I do this over a long period of time? I thought about Wireshark, but am planning on leaving it running for a couple of weeks. Is this manageable, or is there a better solution?
I've no idea about Wireshark + Windows, but using Linux + tcpdump (almost equivalent from what I've heard), I had no problem capturing traffic for a few days provided that there is:
I know you said no Wireshark, but I think you should. Simply add capture filters for the specific addresses that you know the emails are originating from. You could also try to capture just X number of bytes to attempt to get only the header. Check out capture filters.
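As an added example (not from either answer above), here is the tcpdump version of what both answers point at: a rotating capture limited to the relay's port 25 traffic, small enough to leave running for two weeks, plus a helper that pulls the envelope commands and header lines the question asks about out of a decoded capture. The relay address, the capture directory and the sample decode are placeholders constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original thread. Long-running SMTP capture with tcpdump
# on a Linux box that can see the relay's traffic (span port or the relay itself).
RELAY_IP="${RELAY_IP:-192.0.2.10}"            # placeholder: the XP relay's address
CAPTURE_DIR="${CAPTURE_DIR:-/var/tmp/smtp-cap}" # placeholder: where rotated files go

# Build the capture command. Capture filter: only TCP/25 to or from the relay.
# -s 1500 keeps one full frame per packet (envelope + headers; lower it to trim bodies),
# -G 86400 starts a new file every 24h, -W 14 stops after 14 files (two weeks).
tcpdump_cmd() {
    printf '%s' "tcpdump -n -i any -s 1500 -G 86400 -W 14 -w ${CAPTURE_DIR}/smtp-%Y%m%d.pcap 'tcp port 25 and host ${RELAY_IP}'"
}

# Summarise a decoded capture (stdin = output of `tcpdump -A -r smtp-YYYYMMDD.pcap`):
# print MAIL FROM / RCPT TO envelope commands and the From/To/Subject header lines.
# Patterns are unanchored because -A prints payload right after the packet header bytes.
smtp_summary() {
    tr -d '\r' | grep -a -o -E '(MAIL FROM|RCPT TO):<[^>]*>|(From|To|Subject): [^[:cntrl:]]+'
}

# Constructed sample of `tcpdump -A` output for one relayed message (not a real capture).
SAMPLE_DECODE='12:00:00.000001 IP 10.0.0.5.40000 > 192.0.2.10.25: Flags [P.], seq 1:40, length 39
E..O..@.@...MAIL FROM:<app@example.test>
12:00:00.000002 IP 10.0.0.5.40000 > 192.0.2.10.25: Flags [P.], seq 40:80, length 40
E..P..@.@...RCPT TO:<ops@example.test>
12:00:00.000003 IP 10.0.0.5.40000 > 192.0.2.10.25: Flags [P.], seq 80:200, length 120
E..Q..@.@...From: Legacy App <app@example.test>
To: ops@example.test
Subject: Nightly report'

# Demonstration on the constructed sample; on a real box run "$(tcpdump_cmd)" as root
# and later feed `tcpdump -A -r <file>` into smtp_summary.
printf '%s\n' "$SAMPLE_DECODE" | smtp_summary
```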