Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Mike Brentlinger (mdbrentlingerhotmail.com)
Date: Wed Jan 02 2002 - 09:57:00 CST
In the past Ive had little success with exchange's logging... Ive had
similar problems to the ones you describe, had difficulty with needing to
shut down and bringing up the smtp portions of exchage to enable and disable
the logging as well.
My solution was to just start using the sniffer ethereal. It will do smtp
decodes so you can see the whole message, headers, etc without worrying
about MS exchange logging, plus you can use it whenever you please and in
some cases dont even have to touch the exchage server (if you are on a hub
or somwhere that is easily sniffable).
Just run it from the command line... here are some examples...
c:\>ethereal tcp smtp -t a
c:\>ethereal tcp smtp -xnt a
c:\>ethereal tcp smtp -xnt a > log.txt
----Original Message Follows----
From: "James Renfrew" <JamesJamesRenfrew.Com>
Subject: Exchange 5.5 locking down
Date: Tue, 1 Jan 2002 23:20:20 -0800
I'm trying to lock down my Exchange 5.5 mail services. Primarily because
of unwanted email, or Spam as it's more lovingly called.
So I've enabled medium logging of the following services...
SMTP Interface Events
SMTP Protocol Log
The net effect I want to do is capture IPs of offending spammers and then
I'll add them to my firewall.
Exchange says that it is suppose to log these events to the Event Log in
windows. I've seen nothing appear in there after having several mail
Would anyone know where these are logged to? (Application / System / File)
I am running Exchange 5.5 on the flowing system...
Dual PIII 800
Application drive 68Gig free
OS drive 2.2Gig free
Win 2K Server
Service Pack 2
Exchange 5.5 with all patches and OWA installed
Any suggestions would be appreciated. Also, any alternative ways for
identifying and shutting down unwanted emails.
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.