Re: [IMail Forum] SMTP Auth question and logs

Mon, 01 Nov 2004 02:19:04 -0800

SMTPD (4f3d4f56001eb4a5) Authenticated [EMAIL PROTECTED], session treated as local.
SMTPD (4f3d4f56001eb4a5) [xxx.xxx.xxx.xxx] MAIL FROM: <[EMAIL PROTECTED]>

This is not the case
These to lines will not have same session id "(4f3d4f56001eb4a5)" in the logs


----- Original Message ----- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 01, 2004 6:49 AM
Subject: RE: [IMail Forum] SMTP Auth question and logs


The following shows the logs lines you should see in the log, prepended with
date and time.

The Authenticated line shows the username used to authenticate to the
server. The MAIL FROM line shows how that user as the their e-mail addressed
to display in their e-mail client.

SMTPD (4f3d4f56001eb4a5) [xxx.xxx.xxx] connect xxx.xxx.xxx.xxx port 53929
SMTPD (4f3d4f56001eb4a5) [xxx.xxx.xxx.xxx] EHLO upladm01a
SMTPD (4f3d4f56001eb4a5) Authenticated [EMAIL PROTECTED], session
treated as local.
SMTPD (4f3d4f56001eb4a5) [xxx.xxx.xxx.xxx] MAIL FROM:
<[EMAIL PROTECTED]>
SMTPD (4f3d4f56001eb4a5) [xxx.xxx.xxx.xxx] RCPT TO:
<[EMAIL PROTECTED]>
SMTPD (4f3d4f56001eb4a5) [xxx.xxx.xxx.xxx] F:\Spool\D4f3d4f56001eb4a5.SMD
8965

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:IMail_Forum-
[EMAIL PROTECTED] On Behalf Of Kelly Britt of "Need A Dot Com?"
Sent: Sunday, October 31, 2004 7:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] SMTP Auth question and logs

Also,

The SMTP Remote senders report is showing thousands of '<>' senders, even
though we have the registry flag set to disallow null senders (and yes I
know it's non-RFC compliant).

Your advice on these matters is very much appreciated.

-Kelly



>
> I'm using the Log Analyzer tool to check remote SMTP users.  Our
> mail server
> will only relay for authenticated users, and a few local IPs in
> our network.
> It seems from a report that a user can authenticate, and still show a
> different 'from' address in the logs (pressumably because this is how
they 
> have their email client configured.)
>
> Is there a report or log info that will disclose the
> authentication so that
> we me identify the actual user?
>
> Thanks,
>
> Kelly Britt
>
>      "Need A Dot Com?"
> __________________________________________________
> [EMAIL PROTECTED]  http://needa.com   770-569-2076
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ 
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to