Hello,
We have an old Linux server we use to send emails with. It was set up by an employee who is no longer with the company, and no one has the login. We think we have moved all of our services off this server, so we think it is no longer being used. Is there a way to find out for sure that this Linux server is no longer sending emails? Can I look through the logs for outbound traffic on port 25? I'm in the Sophos Central --> Firewall Management --> Report Generator and see a bunch of templates. I also see a query field below that. If I fill out a query, is that only querying against the template, or does this custom field bypass the template? I just put the source IP of the mail server in there, chose last 7 days, and generated the report. Am I going about this the right way?
Wow. Ok, so I totally missed the "Log viewer and search" drop-down option in the Report Templates. DOH!!!! I found what I'm looking for!
Hi,
You can check using either the firewall rule refined to the server's IP address or use the mail tab.
Ian
XG115W - v19 GA - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
Hi rfcat_vk, thanks for the reply. Can you elaborate a bit on just how/where to do each of those methods? Also, I don't think I've ever seen a mail tab yet anywhere in the Sophos.
Log viewer has many tabs.
I see now. I guess I call those "drop-downs". So does the email section in log viewer show all SMTP connections going through it by default, or do I have to be using Sophos email protection for any data to be here? Regardless, my reports partition kept filling up and wasn't deleting old data, so I had to literally uncheck every "local" checkbox in the log options to send to the cloud instead. There are no logs being kept on the firewall anymore and I can't find in Report Generator where to see what IP connections, if any, are going to this SMTP server. I can find areas that show neat colorful graphs and it shows the AMOUNT of SMTP connections, but no source/destination IPs -- what I'm really trying to find.