Date: Mon, 15 Aug 2011 17:19:20 -0500 From: Paul Schmehl <pschmehl_lists@tx.rr.com> To: alexus <alexus@gmail.com>, Chuck Swiger <cswiger@mac.com> Cc: freebsd-questions@freebsd.org Subject: Re: looking for a spammer/virii/malware .... on my system Message-ID: <033753EAA5A5EE53C17333A5@utd71538.utdallas.edu> In-Reply-To: <CAJxePNJ6k=0Na0Zcz7_j4EAs3QNHOSnSENp3AWVdfiirV_h_pA@mail.gmail.com> References: <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com> <D49826AA-9FF9-4848-A92A-5FF29A78679B@mac.com> <CAJxePNJ6k=0Na0Zcz7_j4EAs3QNHOSnSENp3AWVdfiirV_h_pA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--On August 15, 2011 2:04:27 PM -0400 alexus <alexus@gmail.com> wrote: > I personally leaning towards that these headers are being modified and > that there is no spam leaving my box (I may be wrong of couse) > > here is what I did to come up with that thought.... > > I sent myself an email > The tcpdump command that Chuck gave you is all you need. *If* all traffic exits your network through your box, you will see anything going to port 25 *anywhere*. That should tell you quickly what the problem is, if there is one. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?033753EAA5A5EE53C17333A5>