Thanks, Alan. That will help if something like this happens in the future. I presume that there is no way to get the information from any logs created in the past (Monday, to be exact). Too bad. The default seems to be to log only things that succeed. Alas, that is great for being able to say, "As far as I can tell, my system is working," but is no help in troubleshooting or in researching problems.
I wish I had a way to know in advance when and what type of problems we are going to have so that I could turn the appropriate information collectors on when they will be needed. TCPIP needs a Log What I Need facility. :-) Any chance that Chucky knows how to do that? Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] > Behalf Of Alan Altmark > Sent: Wednesday, October 04, 2006 4:45 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Accesses Denied > > > On Wednesday, 10/04/2006 at 03:13 MST, "Schuh, Richard" > <[EMAIL PROTECTED]> > wrote: > > I just got a report that a firewall blocked over 500K > attempts to send > e-mail > > from our VM system to the internet on Monday. So far, I > have drawn a > blank > > looking for the perpetrator. Is there any place in VM's > TCPIP complex > where > > something like this is logged? Before anyone asks, z/VM > 5.2.0 Service > level 601+ > > 1. Add VERIFYCLIENT EXIT ENDVERIFYCLIENT to SMTP CONFIG > 2. Copy SMTPVERX (SAMP?)EXEC to 198 and change it to display the IP > address of the client. > 3. Have it set the return code to 0 > > Normally you would specify "YES" instead of "EXIT" in order > to get the > SMTP server to validate that the host name on the HELO/EHLO > matches the IP > address of the client. The exit gives you exquisite control > over that > process. > > Alan Altmark > z/VM Development > IBM Endicott >
