Thanks Ed for clarifying it.
-Original Message-
From: Ed Crowley [MVP] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 6:01 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
They are copies delivered to that location because you asked for it by
setting the
from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sanjeev Sharma
Sent: Tuesday, December 23, 2003 4:49 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Ex 5.5, SP4.
The Diagnostics Logging for Message Archival i
because? Please
help me to understand this. Thanks.
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 3:10 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Yeah, I don't try to block everything, but I do occasionally
because? Please
help me to understand this. Thanks.
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 3:10 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Yeah, I don't try to block everything, but I do occasionally
are
in
fact the logs from the imcdata/log folder yes?
Can IIS smtp logs be expected to be in the same format?
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 3:09 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
The AUT
/log folder yes?
Can IIS smtp logs be expected to be in the same format?
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 3:09 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
The AUTH you posted below was just an advertis
e the traffic.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 3:36 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
I didn't take it as a slam :) I'll read those rfc's
So th
Tuesday, December 23, 2003 2:08 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Answering myself here...
This is one of those big reasons why I believe that everyone should be
familiar with the SMTP RFCs (2821 and 2822). You have to know what
you're looking at to understand
EMAIL PROTECTED] On Behalf Of Webb, Andy
Sent: Tuesday, December 23, 2003 4:08 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Answering myself here...
This is one of those big reasons why I believe that everyone should be
familiar with the SMTP RFCs (2821 and 2822). You have to know
--
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy
Sent: Tuesday, December 23, 2003 3:05 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
No, just advertising that AUTH LOGIN is available isn't the bad thing.
There was not an authentication done in that transa
chaudhry.co.uk (assuming that's not one of your internal
domains).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 2:47 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Ok I think I found
dmode.com
no username, no password, no admin. Isnt that a bad thing?
E-
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Paying attention to differences between GMT t
inistrator
UGFzc3dvcmQ= Password
Zm9v foo
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 12:41 PM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Ouch
However the time
.
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Tracking logs are different. They're not really human readable and they
don't let you know the auth information.
If you
tougher to diagnose than using the protocol logs as
previously described.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 11:48 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
Well I'm
AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
I looked in the log dir and I only have a route.log and a route.old
neither
contain and IP or sender data related to this, the 2010 events don't
correspond with the loads of garbage ndr's I am seeing either.
Could these logs be in
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 10:36 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
For the record, :), SMTP Protocol Logging doesn't write to the App Event
Log, rather it writes to file system files.
Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 10:36 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
For the record, :), SMTP Protocol Logging doesn't write to the App Event
Log, rather it writes to file system files.
Knowing how to read SMTP conve
ehalf Of
[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 11:32 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
For the record those are event 2010
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 9:12 AM
To: Exchange Discussi
ECTED]
Sent: Tuesday, December 23, 2003 10:19 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
In that particular event( app log? ) is there anything else in the
description that I can search against to find it quickly? Like sending
domain, ip, message id, etc,?
e-
-Original Me
For the record those are event 2010
-Original Message-
From: Webb, Andy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 9:12 AM
To: Exchange Discussions
Subject: RE: SMTP Logging options?
IMS Diagnostics Logging / SMTP Protocol Logging / Medium
You'll need to look fo
Discussions
Subject: RE: SMTP Logging options?
IMS Diagnostics Logging / SMTP Protocol Logging / Medium
You'll need to look for the AUTH handshake. The handshake is done using
base64 encoded strings. You can use
http://www.securecode.net/Base64Convert+main.html to decode them.
-Ori
ailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 9:18 AM
To: Exchange Discussions
Subject: SMTP Logging options?
Exch 5.5 sp4
In a scenario where a end users password has been compromised and is
being
used to drop spam crap on the internet mail service, what lo
ssions
Subject: SMTP Logging options?
Exch 5.5 sp4
In a scenario where a end users password has been compromised and is being
used to drop spam crap on the internet mail service, what logging options
can be used to identify the account that is authenticating? Also is there a
way to tie a mess
Exch 5.5 sp4
In a scenario where a end users password has been compromised and is being
used to drop spam crap on the internet mail service, what logging options
can be used to identify the account that is authenticating? Also is there a
way to tie a message id to a specific authenticated user?
25 matches
Mail list logo