Starr Duskk asked:

smtp port 25 trace

I want to do a Wireshark port 25 trace to trace SMTP connections that are from someone trying to spam through my mail server without authentication.

I have my filter as:

src port 25

Is that correct?

What do I look for in the results to see where the spam is coming from?

My security is locked up so they aren't getting through, but they're hammering the server very hard with connections.

thanks.

ASKER CERTIFIED SOLUTION by Richard Quadling (available to members only)

SOLUTION by Aditya Milan (available to members only)

What email server are you using?  There are various techniques you can use within the mail server to combat excessive activity.  The mail server logs will give you the bigger picture.

Starr Duskk (ASKER):

IceWarp Merak Mail Server.

I have the security settings set very tight. Nearly everything in security is turned on.

It blocks them with authentication, but it doesn't stop them from hitting the server with connections in the first place.

SOLUTION (available to members only)

I read about tarpitting; however, I cannot find it in Merak Mail.

Where is it, please?
thanks.
I have version 9 and my security tab does not have any of those options, including tarpitting.
I had to move my mail server to a separate webserver and my license key no longer works. So I am running the trial version. I have sent numerous messages (Merak has no phone support) to Merak, both online and via my last ticket, and they refuse to respond. I am now running out of days on the trial and I am a fully paid member.

When entering the registration key, it says to use the form to request a key or request it on the site. There is no form to request a key and I have used the site. I am so frustrated with Merak.

The answer to this issue in regard to SMTP was asking me about my webmail, which I don't even have or use webmail!

I can't believe I renewed with Merak knowing that their support in the past was pathetic and then I reupped my license with them, and if I don't get a new key within 2 days I will have to purchase an entirely different product from someone else anyway! This is so frustrating!

Icewarp Merak Mail support is non-existent!

I just paid 3 techs from 3 different consulting agencies over $300 to look at our Merak Mail server and try to help with this issue. The first two had no suggestions and took the money. The third at least had several suggestions, but no fixes.

>>If the smtp server is supposed to only accept requests from internal networks,

We have to accept requests from other networks or mail to our users from other mail servers won't get through.
None of these were really solutions for my problem. I never got a response as to what to look for in the results to see what was going on. But I want to close it out.
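
An added example, not part of the original thread or of any poster's answer: one way to see which sources are hammering the server is to count inbound TCP SYNs to port 25 per source address and find each source's busiest minute. It assumes the capture was exported as tab-separated `frame.time_epoch` and `ip.src` fields; the file name in the comment, the function names, the threshold and the sample data are constructed for illustration.

```python
from collections import defaultdict

# Assumed export step (capture.pcap is a hypothetical file name):
#   tshark -r capture.pcap \
#     -Y "tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0" \
#     -T fields -e frame.time_epoch -e ip.src
# Constructed sample of that output. Addresses are RFC 5737 documentation
# ranges, not real hosts. The last line is deliberately malformed.
SAMPLE = "\n".join(
    [f"{1700000000 + i * 2}\t203.0.113.7" for i in range(8)]   # 8 SYNs in 14 s
    + ["1700000005\t198.51.100.20", "1700000400\t198.51.100.20"]
    + ["garbage line"]
)

def parse(text):
    """Yield (timestamp, source_ip) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 2:
            continue
        try:
            yield float(parts[0]), parts[1].strip()
        except ValueError:
            continue

def peak_rates(text, window=60.0):
    """Return {source_ip: (total_syns, peak_syns_in_any_window)}."""
    per_src = defaultdict(list)
    for ts, src in parse(text):
        per_src[src].append(ts)
    result = {}
    for src, times in per_src.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):
            # Slide the left edge until the span is shorter than the window.
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        result[src] = (len(times), peak)
    return result

def noisy_sources(text, window=60.0, threshold=5):
    """Sources whose peak rate reaches the threshold, busiest first."""
    rates = peak_rates(text, window)
    hits = [s for s, (_, peak) in rates.items() if peak >= threshold]
    return sorted(hits, key=lambda s: -rates[s][1])

if __name__ == "__main__":
    for src in noisy_sources(SAMPLE):
        print(src, peak_rates(SAMPLE)[src])
```

Sources that show a high peak but never reach authenticated delivery in the mail server log are the ones worth rate-limiting or blocking at the firewall.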