Hi,
Some time ago I asked this group about an idea of mine to track SMTP activity.
The reason I want to do so is that a while ago I was suspected of sending spam messages. Knowing that I would never do such a thing I assumed I got infected with some kind of a worm. (I understand that there are some worms that work on Linux).
While thinking it over, I remembered a friend of mine who works in Cyprus. He told me about a service the credit card companies have. When your credit is charged you get an SMS on your cell phone. So now I send a message to the user every time an outgoing smtp connection is made. The user should know if the warning he got is due to his initiation of sending an e-mail or else...
So finally I implemented it, calling it warnsmtpd. That is, it runs as a daemon. It is now running on my machine - basically a RH 9 machine. It is using information from the /proc directory. More specifically, I detect smtp communication from /proc/net/tcp (should I look into UDP also?) on remote_port 0019 (25) and correlate the inum to the fd link file in /proc/XXXX/fd/... (one of them is a symlink to "socket:[INUM]"). With that I print a warning like:
The program /usr/local/mozilla/mozilla-bin pid 15914 sends SMTP message using tcp Protocol to Remote_Address 212.117.129.230
The program detects if you have X11 running (again looking for processes in /proc, but this time looking for the file cmdline). In that case it will use xmessage to send you the warning; otherwise it sends the message to /dev/console.
If this solution is worthwhile, I want your help to make it a GPL package.
Even though I call this program version 0.1.0, I consider it merely the first draft.
I want to get your comments about everything including necessity, style, portability.
You can get this program from: ftp://[EMAIL PROTECTED]/WarnSMTP-0.1.0.tar.gz
Unfortunately, you will need a password: warnsmtp
The file you need to compile is in /usr/src/WarnSMTP-0.1.0. I did not put in a Makefile because simple compilation is all it currently needs (no ./configure, no portability). After compilation, put warnsmtpd in /usr/local/bin if you like. I also added the startup script in /etc/init.d and a launching script in /usr/local/bin which assumes warnsmtpd is in /usr/local/bin.
-- Thanks.
David Harel,
==================================
Home office +972 4 6921986
Fax: +972 4 6921986
Cellular: +972 54 4534502
Snail Mail: Amuka D.N Merom Hagalil 13802 Israel
Email: [EMAIL PROTECTED]
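The /proc/net/tcp lookup and inode-to-fd correlation described in the post above, as an added example (not warnsmtpd's own code): it parses a constructed /proc/net/tcp sample, picks rows whose remote port is 25, finds the process holding the matching socket:[INUM] descriptor under a fake /proc tree built in a temp directory, and emits the same warning line the post shows. The state filter (ESTABLISHED/SYN_SENT) and the fake-tree fixture are additions not described in the post.

```python
import os
import tempfile
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 00000000 300 0 0 2 -1
   1: 0100007F:B3C2 E68175D4:0019 01 00000000:00000000 00:00000000 00000000   500        0 31337 1 00000000 20 4 30 10 -1
"""  # constructed sample, not from a real host: row 0 is a listening MTA, row 1 an outgoing SMTP connection

def parse_hex_addr(field):
    """'E68175D4:0019' -> ('212.117.129.230', 25): host-order 32-bit value, low byte first on x86."""
    addr_hex, port_hex = field.split(':')
    return '.'.join(str((int(addr_hex, 16) >> (8 * i)) & 0xFF) for i in range(4)), int(port_hex, 16)

def smtp_connections(text):
    """Return [(remote_ip, inode)] for rows whose remote port is 25 and state is ESTABLISHED or SYN_SENT."""
    found = []
    for fields in (line.split() for line in text.splitlines()[1:] if line.strip()):  # skip header
        remote_ip, remote_port = parse_hex_addr(fields[2])
        if remote_port == 25 and fields[3] in ('01', '02'):  # 01 = ESTABLISHED, 02 = SYN_SENT
            found.append((remote_ip, int(fields[9])))  # column 10 is the socket inode
    return found

def find_owner(inode, proc_root='/proc'):
    """Scan /proc/<pid>/fd for a symlink to 'socket:[inode]'; return (argv0, pid) or None. Needs root for other users' processes."""
    target = 'socket:[%d]' % inode
    for pid in (p for p in os.listdir(proc_root) if p.isdigit()):
        fd_dir = os.path.join(proc_root, pid, 'fd')
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited meanwhile, or fd directory not readable
            continue
        if target in links:
            with open(os.path.join(proc_root, pid, 'cmdline'), 'rb') as f:
                return f.read().split(b'\0')[0].decode('utf-8', 'replace'), int(pid)
    return None

def smtp_warnings(text, proc_root='/proc'):
    """One warning line per outgoing SMTP connection, in warnsmtpd's wording."""
    fmt = 'The program %s pid %d sends SMTP message using tcp Protocol to Remote_Address %s'
    return [fmt % ((find_owner(inode, proc_root) or ('<unknown>', -1)) + (ip,))
            for ip, inode in smtp_connections(text)]

def demo():
    """Build a fake /proc tree (constructed fixture) so the check runs without root or an MTA."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, '15914', 'fd'))
    os.symlink('socket:[31337]', os.path.join(root, '15914', 'fd', '5'))
    with open(os.path.join(root, '15914', 'cmdline'), 'wb') as f:
        f.write(b'/usr/local/mozilla/mozilla-bin\0-remote\0')
    return root, smtp_warnings(SAMPLE_PROC_NET_TCP, root)
```

Pointing `smtp_warnings` at the real `/proc` with the contents of `/proc/net/tcp` reproduces the daemon's check on a live host; a process that closes its socket between the two reads shows up as `<unknown>`, which is the race the daemon also has to live with.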