 
From: Mike Brentlinger (mdbrentlingerhotmail.com)
Date: Wed Jan 02 2002 - 09:57:00 CST


    In the past I've had little success with Exchange's logging... I've had
    similar problems to the ones you describe, had difficulty with needing to
    shut down and bring up the SMTP portions of Exchange to enable and disable
    the logging as well.

    My solution was to just start using the sniffer Ethereal. It will do SMTP
    decodes so you can see the whole message, headers, etc. without worrying
    about MS Exchange logging, plus you can use it whenever you please and in
    some cases don't even have to touch the Exchange server (if you are on a hub
    or somewhere that is easily sniffable).

    http://www.ethereal.com/

    Just run it from the command line... here are some examples...

       c:\>ethereal tcp smtp -t a
       c:\>ethereal tcp smtp -xnt a
       c:\>ethereal tcp smtp -xnt a > log.txt

    -mdb

    ----Original Message Follows----
    From: "James Renfrew" <JamesJamesRenfrew.Com>
    To: <focus-mssecurityfocus.com>
    Subject: Exchange 5.5 locking down
    Date: Tue, 1 Jan 2002 23:20:20 -0800

       I'm trying to lock down my Exchange 5.5 mail services. Primarily because
    of unwanted email, or Spam as it's more lovingly called.

    So I've enabled medium logging of the following services...
            Message Transfer
            SMTP Interface Events
            SMTP Protocol Log

    The net effect I want to do is capture IPs of offending spammers and then
    I'll add them to my firewall.

    Exchange says that it is supposed to log these events to the Event Log in
    windows. I've seen nothing appear in there after having several mail
    transactions processed.

    Would anyone know where these are logged to? (Application / System / File)

    I am running Exchange 5.5 on the following system...
            Dual PIII 800
            512MB Ram
            Application drive 68Gig free
            OS drive 2.2Gig free
            Win 2K Server
            Service Pack 2
            Exchange 5.5 with all patches and OWA installed

    Any suggestions would be appreciated. Also, any alternative ways for
    identifying and shutting down unwanted emails.

    James
    Generaljamesrenfrew.com

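Added example, not part of either message: one way to turn a saved text capture such as the log.txt above into a per-client summary, so the connecting IPs James wants can be reviewed before anything goes into a firewall rule. The line layout, the sample lines, the server address 192.0.2.10 and the thresholds are all constructed assumptions; adapt the regular expression to the text your sniffer actually writes.

```python
import re
from collections import defaultdict

# Constructed sample capture text: "time src -> dst SMTP Command|Response: ...".
# The layout is an assumption; adapt LINE_RE to your sniffer's text output.
SAMPLE_LOG = """\
09:41:07 203.0.113.45 -> 192.0.2.10 SMTP Command: MAIL FROM:<a@bulk.example>
09:41:07 203.0.113.45 -> 192.0.2.10 SMTP Command: RCPT TO:<u1@corp.example>
09:41:08 203.0.113.45 -> 192.0.2.10 SMTP Command: RCPT TO:<u2@corp.example>
09:41:08 192.0.2.10 -> 203.0.113.45 SMTP Response: 550 No such user
09:41:08 203.0.113.45 -> 192.0.2.10 SMTP Command: RCPT TO:<u3@corp.example>
09:41:09 192.0.2.10 -> 203.0.113.45 SMTP Response: 550 No such user
09:41:09 203.0.113.45 -> 192.0.2.10 SMTP Command: RCPT TO:<u4@corp.example>
09:52:30 198.51.100.7 -> 192.0.2.10 SMTP Command: MAIL FROM:<bob@partner.example>
09:52:30 198.51.100.7 -> 192.0.2.10 SMTP Command: RCPT TO:<james@corp.example>
09:52:31 192.0.2.10 -> 198.51.100.7 SMTP Response: 250 OK
"""

LINE_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"SMTP\s+(?P<kind>Command|Response):\s*(?P<info>.*)")

def summarize(log_text, server_ip):
    """Tally per-client SMTP activity seen on the wire to/from server_ip."""
    stats = defaultdict(lambda: {"senders": set(), "rcpt": 0, "rejects": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # non-SMTP or hex-dump lines
        src, dst, kind, info = m.group("src", "dst", "kind", "info")
        if kind == "Command" and dst == server_ip:
            verb = info.upper()
            if verb.startswith("MAIL FROM:"):
                stats[src]["senders"].add(info[10:].strip())
            elif verb.startswith("RCPT TO:"):
                stats[src]["rcpt"] += 1
        elif kind == "Response" and src == server_ip and info[:1] == "5":
            stats[dst]["rejects"] += 1  # permanent failure sent to this client
    return dict(stats)

def suspects(stats, max_rcpt=3, max_rejects=1):
    """Client IPs exceeding either threshold: candidates for review, not auto-block."""
    return sorted(ip for ip, s in stats.items()
                  if s["rcpt"] > max_rcpt or s["rejects"] > max_rejects)
```

The source address seen on the wire is the last relay that connected to the server, which may be a legitimate forwarding host, so the list is a starting point for review.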