RE: SMTP Logging options?

Thanks Ed for clarifying it. -Original Message- From: Ed Crowley [MVP] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 6:01 PM To: Exchange Discussions Subject: RE: SMTP Logging options? They are copies delivered to that location because you asked for it by setting the

RE: SMTP Logging options?

from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanjeev Sharma Sent: Tuesday, December 23, 2003 4:49 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Ex 5.5, SP4. The Diagnostics Logging for Message Archival i

RE: SMTP Logging options?

because? Please help me to understand this. Thanks. -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 3:10 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Yeah, I don't try to block everything, but I do occasionally

RE: SMTP Logging options?

because? Please help me to understand this. Thanks. -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 3:10 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Yeah, I don't try to block everything, but I do occasionally

RE: SMTP Logging options?

are in fact the logs from the imcdata/log folder yes? Can IIS smtp logs be expected to be in the same format? -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 3:09 PM To: Exchange Discussions Subject: RE: SMTP Logging options? The AUT

RE: SMTP Logging options?

/log folder yes? Can IIS smtp logs be expected to be in the same format? -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 3:09 PM To: Exchange Discussions Subject: RE: SMTP Logging options? The AUTH you posted below was just an advertis

RE: SMTP Logging options?

e the traffic. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 3:36 PM To: Exchange Discussions Subject: RE: SMTP Logging options? I didn't take it as a slam :) I'll read those rfc's So th

RE: SMTP Logging options?

Tuesday, December 23, 2003 2:08 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Answering myself here... This is one of those big reasons why I believe that everyone should be familiar with the SMTP RFCs (2821 and 2822). You have to know what you're looking at to understand

RE: SMTP Logging options?

EMAIL PROTECTED] On Behalf Of Webb, Andy Sent: Tuesday, December 23, 2003 4:08 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Answering myself here... This is one of those big reasons why I believe that everyone should be familiar with the SMTP RFCs (2821 and 2822). You have to know

RE: SMTP Logging options?

-- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy Sent: Tuesday, December 23, 2003 3:05 PM To: Exchange Discussions Subject: RE: SMTP Logging options? No, just advertising that AUTH LOGIN is available isn't the bad thing. There was not an authentication done in that transa

RE: SMTP Logging options?

chaudhry.co.uk (assuming that's not one of your internal domains). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 2:47 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Ok I think I found

RE: SMTP Logging options?

dmode.com no username, no password, no admin. Isnt that a bad thing? E- -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 12:13 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Paying attention to differences between GMT t

RE: SMTP Logging options?

inistrator UGFzc3dvcmQ= Password Zm9v foo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 12:41 PM To: Exchange Discussions Subject: RE: SMTP Logging options? Ouch However the time

RE: SMTP Logging options?

. -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:33 AM To: Exchange Discussions Subject: RE: SMTP Logging options? Tracking logs are different. They're not really human readable and they don't let you know the auth information. If you

RE: SMTP Logging options?

tougher to diagnose than using the protocol logs as previously described. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:48 AM To: Exchange Discussions Subject: RE: SMTP Logging options? Well I'm

RE: SMTP Logging options?

AM To: Exchange Discussions Subject: RE: SMTP Logging options? I looked in the log dir and I only have a route.log and a route.old neither contain and IP or sender data related to this, the 2010 events don't correspond with the loads of garbage ndr's I am seeing either. Could these logs be in

RE: SMTP Logging options?

-Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 10:36 AM To: Exchange Discussions Subject: RE: SMTP Logging options? For the record, :), SMTP Protocol Logging doesn't write to the App Event Log, rather it writes to file system files.

RE: SMTP Logging options?

Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 10:36 AM To: Exchange Discussions Subject: RE: SMTP Logging options? For the record, :), SMTP Protocol Logging doesn't write to the App Event Log, rather it writes to file system files. Knowing how to read SMTP conve

RE: SMTP Logging options?

ehalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:32 AM To: Exchange Discussions Subject: RE: SMTP Logging options? For the record those are event 2010 -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 9:12 AM To: Exchange Discussi

RE: SMTP Logging options?

ECTED] Sent: Tuesday, December 23, 2003 10:19 AM To: Exchange Discussions Subject: RE: SMTP Logging options? In that particular event( app log? ) is there anything else in the description that I can search against to find it quickly? Like sending domain, ip, message id, etc,? e- -Original Me

RE: SMTP Logging options?

For the record those are event 2010 -Original Message- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 9:12 AM To: Exchange Discussions Subject: RE: SMTP Logging options? IMS Diagnostics Logging / SMTP Protocol Logging / Medium You'll need to look fo

RE: SMTP Logging options?

Discussions Subject: RE: SMTP Logging options? IMS Diagnostics Logging / SMTP Protocol Logging / Medium You'll need to look for the AUTH handshake. The handshake is done using base64 encoded strings. You can use http://www.securecode.net/Base64Convert+main.html to decode them. -Ori

RE: SMTP Logging options?

ailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 9:18 AM To: Exchange Discussions Subject: SMTP Logging options? Exch 5.5 sp4 In a scenario where a end users password has been compromised and is being used to drop spam crap on the internet mail service, what lo

RE: SMTP Logging options?

ssions Subject: SMTP Logging options? Exch 5.5 sp4 In a scenario where a end users password has been compromised and is being used to drop spam crap on the internet mail service, what logging options can be used to identify the account that is authenticating? Also is there a way to tie a mess

SMTP Logging options?

Exch 5.5 sp4 In a scenario where a end users password has been compromised and is being used to drop spam crap on the internet mail service, what logging options can be used to identify the account that is authenticating? Also is there a way to tie a message id to a specific authenticated user?