We have an old linux server we use to send emails with. It was set up by an employee who is no longer with the company, and no one has the login. We think we have moved all of our services off this server, so we think it is no longer being used. Is there a way to find out for sure that this linux server is no longer sending emails? Can I look through the logs for outbound traffic on port 25? I'm in the Sophos Central --> Firewall Management --> Report Generator and see a bunch of templates. I also see a query field below that. If I fill out a query, is that only querying against the template, or does this custom field bypass the template? I just put the source IP of the mail server in there, choose last 7 days, and generated the report. Am I going about this the right way?
Wow. Ok, so I totally missed the "Log viewer and search" drop-down option in the Report Templates. DOH!!!! I found what I'm looking for!