recently switched from V6.06 to V7.13. The SMTP logs are huge but it is interesting the amount of info that has been added.
Use the various log summarizing tools to get the big picture, and let the high-volume crap float to the top, where its self-criminalizing behavior shows exactly what to block.
Invalid email accounts, Sender IPs and a bunch of stuff.
Now when an email is "caught" in the rules.ima it now shows the actual line in the rules.ima that hooked it.
Anything else useful?
Use the Windows "find" (rather than trying to read the entire file with an editor) to search for strings, especially when the log file gets into 10's of Mb.
Also, turn off all logging except SMTP which is where the abuse is, to keep the sysMMDD.txt files as small as possible.
If you use Unix text processing tools for Windows like grep, awk, uniq, sort, you can put together many useful ad hoc reports when analyzing and categorizing the wide range and various profiles of abuse patterns.
Len
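
An added example (not part of the original post) of the kind of ad hoc report described above: sender IPs and invalid recipient addresses ranked by rejection count with grep, awk, sort and uniq. The log layout, the "unknown user" text and the function names are constructed for illustration and are not IMail's actual log format; adjust the field numbers to the real sysMMDD.txt lines.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # stable sort order on every system

# Constructed sample lines in a hypothetical layout (not IMail's real format):
#   MM:DD HH:MM SMTPD(session) [client-ip] event text
sample_log() {
cat <<'EOF'
03:14 09:01 SMTPD(0a01) [203.0.113.7] connect
03:14 09:01 SMTPD(0a01) [203.0.113.7] ERR unknown user <sales@example.test>
03:14 09:01 SMTPD(0a01) [203.0.113.7] ERR unknown user <info@example.test>
03:14 09:02 SMTPD(0a02) [198.51.100.23] connect
03:14 09:02 SMTPD(0a02) [198.51.100.23] delivered to <len@example.test>
03:14 09:03 SMTPD(0a03) [203.0.113.7] connect
03:14 09:03 SMTPD(0a03) [203.0.113.7] ERR unknown user <sales@example.test>
03:14 09:04 SMTPD(0a04) [192.0.2.55] connect
03:14 09:04 SMTPD(0a04) [192.0.2.55] ERR unknown user <admin@example.test>
EOF
}

# Count identical input lines and print "count value", busiest first.
rank() {
    sort | uniq -c | sort -k1,1nr -k2 | awk '{ print $1, $2 }'
}

# Sender IPs ranked by how many invalid-recipient rejections they caused.
bad_rcpt_by_ip() {
    grep -F 'unknown user' | awk '{ print $4 }' | tr -d '[]' | rank
}

# Invalid addresses ranked by how often they were tried.
bad_addresses() {
    grep -F 'unknown user' | awk '{ print $NF }' | tr -d '<>' | rank
}

# IPs with at least N rejections: the candidates for a block list.
block_candidates() {
    bad_rcpt_by_ip | awk -v n="$1" '$1 >= n { print $2 }'
}

# Stand-alone run over the constructed sample; replace sample_log with
# "cat sysMMDD.txt" once the field numbers match the real log.
echo "== rejections per IP ==";  sample_log | bad_rcpt_by_ip
echo "== invalid addresses ==";  sample_log | bad_addresses
echo "== IPs with >= 2 ==";      sample_log | block_candidates 2
```
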
