michaelshavel asked:

Server 2003 - Who is connecting to port 25?

Hi,
I have a Windows Server 2003 machine running Exchange 2003.
Is it possible to get a list of IP addresses that are currently connecting to port 25 (SMTP) and see how many connections they are currently using? The reason I want to be able to do this is to find out if a spammer is connecting to my machine and flooding it with spam.

Using Linux I would do something like this:
netstat -na | grep :25 | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -20

Then once I determined it was an IP address that should be connecting to my server (for example, we don't get any mail from Romania), I would insert a rule into iptables to not allow them further access and then I'd use 'Kill' to terminate their current SMTP connections.

Are there either built-in or third party tools that would allow me to do the same things -- namely
1. See who is connecting to port 25 and how many connections they are making
2. Boot them off once I see they are up to no good.

(I am using a Cisco Pix firewall so I can enter their IP address into this once I determine it to be nasty)
Thanks very much.

Mike

SOLUTION
Kyle Abrahams, PMP
This solution is only available to members.
You can review the Exchange system logs - this will tell you all the connections that are being made.
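
An added example, not part of the original thread: a Python 3.7+ script that does for Windows `netstat -an` output what the Linux pipeline in the question does, counting connections per remote address. It goes slightly beyond that pipeline by matching only the exact local port, so `:2525` and the server's own outbound mail to a remote port 25 are not counted. The function names and the sample output (documentation-range addresses) are constructed for illustration.

```python
import subprocess
from collections import Counter

# Constructed sample of Windows `netstat -an` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          198.51.100.7:3312      ESTABLISHED
  TCP    192.0.2.10:25          198.51.100.7:3313      ESTABLISHED
  TCP    192.0.2.10:25          198.51.100.7:3314      TIME_WAIT
  TCP    192.0.2.10:25          203.0.113.40:1188      ESTABLISHED
  TCP    192.0.2.10:2525        203.0.113.99:4000      ESTABLISHED
  TCP    192.0.2.10:1045        203.0.113.5:25         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::1]:25 work."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def smtp_clients(netstat_text, port=25, states=None):
    """Count inbound TCP connections per remote address for one local port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows
        _proto, local, remote, state = fields
        if state == "LISTENING":
            continue
        if states is not None and state not in states:
            continue
        # Exact match on the LOCAL port: skips :2525 and outbound mail to remote :25.
        if split_endpoint(local)[1] != str(port):
            continue
        counts[split_endpoint(remote)[0]] += 1
    return counts.most_common()  # highest connection count first

def live_netstat():
    """Run netstat on the server itself (numeric output, all sockets)."""
    return subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout

if __name__ == "__main__":
    for ip, n in smtp_clients(SAMPLE)[:20]:
        print(f"{n:5d}  {ip}")
```

Pass `live_netstat()` instead of `SAMPLE` to run it against the server, or save `netstat -an` output to a file and parse it on another machine; `states={"ESTABLISHED"}` limits the count to currently open sessions.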