Exchange 2010 can give you the "instantaneous" data, but doesn't provide any BI that comes out of the raw data. Didn't intend to imply that it was "hard" or "difficult" - just that it wasn't built-in.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, July 13, 2010 5:26 PM
To: MS-Exchange Admin Issues
Subject: Re: Alert and possibly throttle outbound email per user

On Tue, Jul 13, 2010 at 12:24, Bolser, Scott <scott.bol...@childrens.harvard.edu> wrote:
> I’ve been searching around for a logical solution to monitor and
> throttle Exchange accounts if a user has unknowingly given up their
> username/password in a phishing attack. The typical attack utilizes
> OWA to start sending SPAM shortly afterwards. Environment is Exchange 2007
> SP2.
>
> I’m attempting to find a solution that would trigger an alert if a
> user is sending ‘x’ number of messages in a 30 minute to 1 hour window.
>
> Has anyone found a simple solution?
>
> Thanks,
>
> Scott

MBS says a third party app. I wonder if, for instance, nagios/syslog/MOM/OSSEC/OSSIM/whatever can monitor the logs and keep a count of SMTP transactions by IP address and, if a threshold is exceeded, raise an alarm.

Kurt
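
The log-counting idea from the thread above (count per sender or per IP inside a time window, alarm past a threshold), as an added example that is not part of the original messages. The sample lines are constructed in the style of an Exchange message tracking log with a reduced column set; the function name `find_bursts`, the threshold, and the choice to count only STOREDRIVER/RECEIVE events are assumptions.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real traffic). A real tracking log has more columns;
# they are located by name from the "#Fields:" header, so order does not matter.
SAMPLE_LOG = """\
#Fields: date-time,client-ip,source,event-id,recipient-count,sender-address
2010-07-13T09:00:05.000Z,192.0.2.10,STOREDRIVER,RECEIVE,1,alice@example.com
2010-07-13T09:10:00.000Z,192.0.2.44,STOREDRIVER,RECEIVE,50,bob@example.com
2010-07-13T09:12:00.000Z,192.0.2.44,STOREDRIVER,RECEIVE,50,bob@example.com
2010-07-13T09:15:00.000Z,192.0.2.44,STOREDRIVER,RECEIVE,50,bob@example.com
2010-07-13T09:20:00.000Z,192.0.2.44,SMTP,SEND,50,bob@example.com
2010-07-13T10:30:00.000Z,192.0.2.10,STOREDRIVER,RECEIVE,2,alice@example.com
"""

def find_bursts(lines, threshold, window=timedelta(minutes=30), key="sender-address"):
    """Return {key value: time the recipient total first exceeded threshold}.
    Recipients are summed so one message to 500 addresses counts as 500."""
    fields, recent, totals, alerts = None, defaultdict(deque), defaultdict(int), {}
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        # Assumption: STOREDRIVER/RECEIVE marks a submission from a mailbox.
        # Skipping SEND/DELIVER avoids counting the same message twice.
        if (row.get("source"), row.get("event-id")) != ("STOREDRIVER", "RECEIVE"):
            continue
        ts = datetime.strptime(row["date-time"][:19], "%Y-%m-%dT%H:%M:%S")
        who = row[key].lower()
        count = int(row.get("recipient-count") or 1)
        q = recent[who]
        q.append((ts, count))
        totals[who] += count
        while q and ts - q[0][0] > window:  # expire events older than the window
            totals[who] -= q.popleft()[1]
        if totals[who] > threshold and who not in alerts:
            alerts[who] = ts
    return alerts

if __name__ == "__main__":
    for who, when in find_bursts(SAMPLE_LOG.splitlines(), threshold=100).items():
        print(f"ALERT {who} exceeded threshold at {when.isoformat()}")
```

Passing `key="client-ip"` groups by source address instead of sender, which matches the per-IP variant Kurt describes.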