These events are logged to the Application log on the Exchange server (your
diagnostics logging settings are correct).

You can also configure your Exchange server to prohibit relaying from
unauthorized hosts. See:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q193922

and

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q196626

and

http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

The server will also log relay attempts.

Chris

-----Original Message-----
From: James Renfrew [mailto:JamesJamesRenfrew.Com]
Sent: Wednesday, January 02, 2002 1:20 AM
To: focus-mssecurityfocus.com
Subject: Exchange 5.5 locking down

  I'm trying to lock down my Exchange 5.5 mail services. Primarily because
of unwanted email, or Spam as it's more lovingly called.

So I've enabled medium logging of the following services...
        Message Transfer
        SMTP Interface Events
        SMTP Protocol Log

The net effect I want to do is capture IPs of offending spammers and then
I'll add them to my firewall.

Exchange says that it is suppose to log these events to the Event Log in
windows. I've seen nothing appear in there after having several mail
transactions processed.

Would anyone know where these are logged to? (Application / System / File)

I am running Exchange 5.5 on the flowing system...
        Dual PIII 800
        512MB Ram
        Application drive 68Gig free
        OS drive 2.2Gig free
        Win 2K Server
        Service Pack 2
        Exchange 5.5 with all patches and OWA installed

Any suggestions would be appreciated. Also, any alternative ways for
identifying and shutting down unwanted emails.

James
Generaljamesrenfrew.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]