Monitoring all email traffic outgoing from my server

fmortara

Hello,
How can I monitor/log all outgoing traffic from my server?

I want to know if anyone is sending email using another program/script on my server, bypassing exim.

I think that I must log all outgoing traffic from port 25. Can I do it using iptables?

If yes, how?

Thanks
FM
 
You can just block it with the ipt_owner module:
modprobe ipt_owner
iptables -I OUTPUT 1 -m owner -m tcp -p tcp --dport 25 --uid-owner mail -j ACCEPT
iptables -I OUTPUT 2 -m owner -m tcp -p tcp --dport 25 --uid-owner root -j ACCEPT
iptables -I OUTPUT 3 -m tcp -p tcp --dport 25 -j DROP
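
Added example, not part of the reply above: for the logging the question asks about, a LOG rule with `--log-uid` can sit in front of the DROP rule, and the script below summarises the resulting kernel log lines per local UID. The log prefix, the function name `smtp_bypass_report` and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes this LOG rule was inserted (as
# root) ahead of the DROP rule from the reply, so blocked attempts are logged:
#   iptables -I OUTPUT 3 -p tcp --dport 25 --syn -j LOG \
#       --log-prefix "SMTP-BYPASS: " --log-uid
# "SMTP-BYPASS: " is a label chosen for this example; --log-uid makes the
# kernel append UID=/GID= of the local process that owns the socket.

# Read kernel log lines on stdin; print one summary line per sending UID.
smtp_bypass_report() {
    awk '
    /SMTP-BYPASS: / && / DPT=25 / {
        uid = "unknown"; dst = "?"      # UID= is absent for ownerless packets
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            if ($i ~ /^DST=/) dst = substr($i, 5)
        }
        count[uid]++
        if (!seen[uid, dst]++) {        # keep each destination once per UID
            if (uid in dsts) dsts[uid] = dsts[uid] "," dst
            else dsts[uid] = dst
        }
    }
    END {
        for (u in count)
            printf "uid=%s attempts=%d dsts=%s\n", u, count[u], dsts[u]
    }' | sort
}

# Constructed sample log lines (documentation addresses, made-up UIDs).
SAMPLE_LOG='Jul  4 10:00:01 host kernel: SMTP-BYPASS: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1005 GID=1005
Jul  4 10:00:07 host kernel: SMTP-BYPASS: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4388 DF PROTO=TCP SPT=40120 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1005 GID=1005
Jul  4 10:01:15 host kernel: SMTP-BYPASS: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5120 DF PROTO=TCP SPT=51544 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=33 GID=33
Jul  4 10:01:20 host kernel: FW-OTHER: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5200 DF PROTO=TCP SPT=51600 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1005 GID=1005
Jul  4 10:02:30 host kernel: SMTP-BYPASS: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6001 DF PROTO=TCP SPT=40300 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1005 GID=1005'

printf '%s\n' "$SAMPLE_LOG" | smtp_bypass_report
```

A reported UID can be mapped back to an account name with `getent passwd <uid>`.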
 