Here's some power for you: http://oreilly.com/openbook/utp/
http://www.gnu.org/software/coreutils/manual/ http://www.faqs.org/docs/artu/ch01s06.html On Wed, Jul 22, 2009 at 12:30, Sherry Abercrombie<saber...@gmail.com> wrote: > I'm a reluctant *nix admin, so I'll take gui over command line any day. ;) > > On Wed, Jul 22, 2009 at 2:25 PM, Jason Gurtz <jasongu...@npumail.com> wrote: >> >> If you don't need a gui interface there's actually native ports (including >> installers and no Cygwin needed!) of most gnu utils available. Check out >> gnuwin32.sf.net, click packages and click grep. >> >> The only drawback I find is that using these tools inhibits my groking of >> powershell a bit since it's a throwing around text vs. throwing around >> objects situation. >> >> Whee! >> >> ~JasonG >> >> > -----Original Message----- >> > From: Sherry Abercrombie [mailto:saber...@gmail.com] >> > Sent: Wednesday, July 22, 2009 15:10 >> > To: MS-Exchange Admin Issues >> > Subject: Re: 2k3 message tracking-Resolved >> > >> > LOL, well, usually only someone with *nix experience would even use the >> > word grep because most windows admins have no clue what grep is. Never >> > heard of this Windows Grep......off to Google to have a look at it. >> > >> > >> > On Wed, Jul 22, 2009 at 1:45 PM, <pramatow...@mediageneral.com> wrote: >> > >> > >> > Outlook 2007SP2 >> > Exchange 2003SP2 >> > Message was sent in plain text >> > >> > Where you are seeing strange code >> > >> > The top line was a path slash slash server slash windows slash >> > system32 slash logfiles slash w3svc1 >> > Next line was asterisk blinks asterisk >> > Next line after I hope so was three periods >> > Next line after Me was a spacedash >> > >> > Beats the heck out of me why it apostrophe s is being rendered >> > that way to you guys comma I have never seen this before period >> > >> > Putting this here so as not to chance adding another message of >> > doom to the list comma I said grep because I used a program called >> > Windows Grep to pull out the relevant bits from a massive log file smile >> > >> > >> > >> > -----Original Message----- >> > From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] >> > Sent: Wednesday, July 22, 2009 2:22 PM >> > To: MS-Exchange Admin Issues >> > >> > Subject: Re: 2k3 message tracking-Resolved >> > >> > >> > What are you using for a mailer? I'd love to know what makes >> > these >> > fantastic codes I keep seeing. >> > >> > -- >> > ME2 >> > >> > >> > >> > On Wed, Jul 22, 2009 at 2:00 PM, <pramatow...@mediageneral.com> >> > wrote: >> > > I've grepped out a bit of a log file from my +AFwAXA-server+AFw- >> > c+ACQAXA-WINDOWS+AFw-system32+AFw-LogFiles+AFw-W3SVC1 directory >> > > >> > > I can send you- My OWA session Logging on, creating and sending >> > a message and logging off. >> > > Let me know if it's ok to send to your vhcc.edu address. >> > > >> > > +ACo-blinks+ACo- >> > > >> > > neat and clear manner? I hope so+ICY- >> > > without HUGE sigs and disclaimers? Check. >> > > Graphics and other unnecessary additions? Check >> > > >> > > Me +IBM- >> > > list noob? Yep, been here for all of two months tomorrow. >> > > see inline graphics before? Yep. >> > > See complaints about inline graphics before today? Nope but duly >> > noted. >> > > >> > > reasonably spell checked? Check >> > > grammatically correct Nope. >> > > >> > > >> > > >> > > >> > > -----Original Message----- >> > > From: Glen Johnson +AFs-mailto:gjohnson+AEA-vhcc.edu+AF0- >> > <mailto:gjohnson%2BAEA-vhcc.edu%2BAF0-> >> > > Sent: Wednesday, July 22, 2009 11:07 AM >> > > To: MS-Exchange Admin Issues >> > > Subject: RE: 2k3 message tracking-Resolved >> > > >> > > I don't see anything referencing logins in the iis logs. Anyone >> > care to share what it looks like so I know what I'm searching for? >> > > Maybe I don't have the logging configured correctly or am not >> > looking for the right thing. >> > > All I see in the log is the get, search and propfind and search >> > verbs. >> > > >> > > -----Original Message----- >> > > From: Miller Bonnie L. +AFs-mailto:millerbl+AEA- >> > mukilteo.wednet.edu+AF0- <mailto:millerbl%2BAEA- >> > mukilteo.wednet.edu%2BAF0-> >> > > Sent: Wednesday, July 22, 2009 9:48 AM >> > > To: MS-Exchange Admin Issues >> > > Subject: RE: 2k3 message tracking-Resolved >> > > >> > > Can you find the logons in your server's IIS logs? I'm guessing >> > they are going to show a lot of activity if it came through via OWA. >> > > >> > > -Bonnie >> > > >> > > -----Original Message----- >> > > From: Glen Johnson +AFs-mailto:gjohnson+AEA-vhcc.edu+AF0- >> > <mailto:gjohnson%2BAEA-vhcc.edu%2BAF0-> >> > > Sent: Wednesday, July 22, 2009 6:08 AM >> > > To: MS-Exchange Admin Issues >> > > Subject: RE: 2k3 message tracking-Resolved >> > > >> > > Thanks to all for the suggestions. >> > > I finally had time to work on this more and found where the two >> > users had replied to phishing emails, provided their user name and >> > password. >> > > Looks like the phishers have a script that runs against owa and >> > sends out all the spam. >> > > The guilty users are being dealt with by their supervisors. I >> > suggested a clue-by-four upside the head as they been through security >> > training(twice) that addresses this exact issue. >> > > Oh well, job security. >> > > One last question. >> > > Is it possible to tell if the email were dumped into the >> > exchange server via owa or an outlook client. >> > > I'm not seeing any reference to Outlook in the messages so I'm >> > leaning towards OWA. >> > > >> > > -----Original Message----- >> > > From: Jason Gurtz +AFs-mailto:jasongurtz+AEA-npumail.com+AF0- >> > <mailto:jasongurtz%2BAEA-npumail.com%2BAF0-> >> > > Sent: Tuesday, July 21, 2009 3:49 PM >> > > To: MS-Exchange Admin Issues >> > > Subject: RE: 2k3 message tracking >> > > >> > > +AD4- When I reset the password on the two accounts that were >> > sending all the >> > > +AD4- spam, it stopped and hasn+IBk-t returned so the only >> > conclusion I+IBk-ve come up >> > > +AD4- with is that these two accounts got their password stolen, >> > and then some >> > > +AD4- script or bot accessed their OWA account and sent all the >> > spam. >> > > +AD4- >> > > +AD4- Does that sound possible/logical? >> > > >> > > Sounds like the users where phished and from what I've heard, >> > this is very >> > > common at edu's. You might want to check out installing >> > something like >> > > Untangle which has an anti-phishing filter +ADw- >> > http://www.untangle.com/+AD4- in >> > > front of your mail server(s). >> > > >> > > If you're motivated enough to install a Linux based mail gateway >> > you may >> > > be >> > > able to use this nifty scanning software called Kochi which >> > actually tries >> > > to authenticate to your AD: >> > > +ADw-http://oss.lboro.ac.uk/kochi1.html+AD4- >> > > >> > > I guess there's some client based tools too to stem the flow of >> > passwords >> > > through the browser, check out the Wikipedia article for a list >> > of things >> > > to >> > > try: http://en.wikipedia.org/wiki/Anti-phishing+AF8-software >> > > >> > > +AH4-JasonG >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > -- >> > Sherry Abercrombie >> > >> > "Any sufficiently advanced technology is indistinguishable from magic." >> > Arthur C. Clarke >> > Sent from Haslet, TX, United States >> >> > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > Sent from Haslet, TX, United States