Monday, July 9, 2012

FreeBSD: show outgoing SMTP connections

To show active NAT sessions: pfctl -s state
To show just those going to SMTP ports: pfctl -s state | awk '$7 ~ /:25$/'

Helpful to find outgoing NAT sessions that might be caused by a spambot like, oh, let's say maybe cutwail.

And to show all SMTP sessions, both directions:
 pfctl -s state | awk '$7 ~ /:25$/||$3 ~ /:25$/'