[Snort-sigs] capture email

Erek Adams erek at ...95...
Wed Nov 5 13:48:10 EST 2003


On Tue, 4 Nov 2003, Ricardo Londono wrote:

> I run Postfix.  I looked at ProcMail but I can't seem to find any info
> when running PostFix as MTA or Relay...  I don't perform any local
> delivery at all.  Mail gets forward to GroupWise server.

mailsnarf of the dsniff toolset [0] is the tool you want, but from what
you say... I'm not sure it will help.

Student logins to hotmail/yahoo/whatever and creates and sends the
message.  That's an outbound connection on 80, and could be SSL'ed.  Types
the message clicks send.  Then the mailserver on the other side gets the
message, and routes it to you.  You could catch the email coming 'from'
the remote server into you, but not leaving you going to the remote
server.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.monkey.org/~dugsong/dsniff/




More information about the Snort-sigs mailing list