email monitoring tool

amushtaq · 08-17-2006, 06:51 AM

hi
i am looking for a system to monitor all the outgoing emails from my office LAN, preferebly an anonymous smtp traffic logger, so that i have a proper record of all the emails sent from the network. Do anybody know of such an application?

Thanks
Asif Mushtaq

fakie_flip · 08-17-2006, 09:08 AM

Yes, I do.

fakie_flip · 08-17-2006, 09:10 AM

Install dsniff and use mailsnarf. ngrep can also search for patterns through all of the packets. You will want your network adapter in promiscous mode.

Code:

ubuntu@ubuntu:~$ apt-cache show dsniff ngrep
Package: dsniff
Priority: extra
Section: universe/net
Installed-Size: 360
Maintainer: Steve Kemp <skx@debian.org>
Architecture: i386
Version: 2.4b1-13
Depends: libc6 (>= 2.3.4-1), libdb4.2, libice6, libnet1 (>= 1.1.2-1), libnids1.20, libpcap0.8 (>= 0.9.3-1), libsm6, libssl0.9.7, libx11-6, libxmu6, openssl
Filename: pool/universe/d/dsniff/dsniff_2.4b1-13_i386.deb
Size: 110282
MD5sum: cf2a74880691df66eb460caff48e674c
Description: Various tools to sniff network traffic for cleartext insecurities
This package contains several tools to listen to and create network traffic:
.
* arpspoof - Send out unrequested (and possibly forged) arp replies.
* dnsspoof - forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff - password sniffer for several protocols.
* filesnarf - saves selected files sniffed from NFS traffic.
* macof - flood the local network with random MAC addresses.
* mailsnarf - sniffs mail on the LAN and stores it in mbox format.
* msgsnarf - record selected messages from different Instant Messengers.
* sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow - SSH traffic analyser
* tcpkill - kills specified in-progress TCP connections.
* tcpnice - slow down specified TCP connections via "active"
traffic shaping.
* urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
* webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy - sends URLs sniffed from a client to your local browser.
.
Please do not abuse this software.
Bugs: mailto:ubuntu-users@lists.ubuntu.com
Origin: Ubuntu

Package: ngrep
Priority: optional
Section: universe/net
Installed-Size: 92
Maintainer: Steve Kemp <skx@debian.org>
Architecture: i386
Version: 1.44-1
Depends: libc6 (>= 2.3.4-1), libpcap0.8, libpcre3 (>= 4.5)
Filename: pool/universe/n/ngrep/ngrep_1.44-1_i386.deb
Size: 29572
MD5sum: e41c5d4d308c089e531aa52417f74c56
Description: grep for network traffic
ngrep strives to provide most of GNU grep's common features,
applying them to the network layer. ngrep is a pcap-aware tool that
will allow you to specify extended regular expressions to match
against data payloads of packets. It currently recognizes TCP, UDP
and ICMP across Ethernet, PPP, SLIP and null interfaces, and
understands bpf filter logic in the same fashion as more common
packet sniffing tools, such as tcpdump and snoop.
Bugs: mailto:ubuntu-users@lists.ubuntu.com
Origin: Ubuntu

ubuntu@ubuntu:~$