Overview Monitoring mail outbound (egress) using Splunk isn’t as straight forward as you might think. I’ve put together a nice search string that will help identify egress email from an Ubuntu server.
How to set up a email server using Postfix, Dovecot and Roundcube on Linux Debian
Domain and Records Before you start anything, you need a domain. If you don’t have one, purchase one. Because it takes time to replicate the records, you need to start this processes first. You will need to create A records for the domain, I created the following: @ www mail smtp imap webmail I have… Read more »
How to set email alerting for SSH logins
As part of your security auditing, especially if the server is exposed to the internet, you should have an email configured to be sent to you in the event a user shells into the server. This will give you a clear indication the server has been compromised if you are not expecting a login event…. Read more »
