Anyone who can decipher the log that I get? The 4GB log contains these codes only. Both abc.sti.edu and def.sti.edu are my mail servers.

2005-01-04 00:13:56 192.168.0.1 OutboundConnectionCommand SMTPSVC1 ABC - 25 EHLO - abc.sti.edu 0 0 4 0 0 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 250-def.sti.edu+Hello+[192.168.0.14] 0 0 38 0 0 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 334+GSSAPI+supported 0 0 20 0 0 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 334+oYIBLjCCASqgAwoBAKELBgkqhkiC9xIBAgKigYkEgYZggYMGCSqGSIb3EgECAgIAb3Qw cqADAgEFoQMCAQ+iZjBkoAMCAReiXQRbthPUJ6SM6V9CXZGI1ITiQOnm8VEMsx8lwMKvs8nA uETrewZjqomdCdjQ4xrrpOfI7okelXoJOgckFZEwUt3G2UmmBvxdR47SkrAbZsvwxwmeCnDg z8GfzqOTqaOBiQSBhmCBgwYJKoZIhvcSAQICAgBvdDByoAMCAQWhAwIBD6JmMGSgAwIBF6Jd BFu2E9QnpIzpX0JdkYjUhOJA6ebxUQyzHyXAwq+zycC4ROt7BmOqiZ0J2NDjGuuk58juiR6V egk6ByQVkTBS3cbZSaYG/F1HjtKSsBtmy/DHCZ4KcODPwZ/Oo5Op 0 0 412 0 0 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 235+2.7.0+Authentication+successful. 0 0 36 0 16 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionCommand SMTPSVC1 ABC - 25 X-LINK2STATE - LAST+CHUNK={0000006a}+MULTI+(5)+({00000051}+DIGEST_QUERY+24f5df3f0d5b5a4 990945941b8a198e2+ad201721336f00cc23c089464c71edbe++)++ 0 0 12 0 16 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 200+LAST+CHUNK={00000029}+MULTI+(5)+({00000010}+DONE_RESPONSE++)++ 0 0 66 0 16 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionCommand SMTPSVC1 ABC - 25 QUIT - - 0 0 4 0 16 SMTP - - - -

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, January 04, 2005 3:41 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Large SMTP log

http://www.MSExchange.org/

Well, the logs will show.
Also, you can open up ESM and under the SMTP VS, look at the queues. If you see an awful lot, you are probably an open relay. Also, if you post the IP address of the server, it can be tested.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
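
One way to triage a log of this size, as an added example that is not part of the thread: stream the file and count entries per event type, per SMTP verb, and per peer address that is not one of your own servers. The field positions are assumed from the log lines quoted above; `parse_line`, `summarize` and the sample lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of the lines quoted in the post.
# The third entry has a space inside its text field, as the wrapped token does.
SAMPLE = """\
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionCommand SMTPSVC1 ABC - 25 EHLO - abc.sti.edu 0 0 4 0 0 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 235+2.7.0+Authentication+successful. 0 0 36 0 16 SMTP - - - -
2005-01-04 00:13:56 192.168.0.1 OutboundConnectionResponse SMTPSVC1 ABC - 25 - - 334+AAAA BBBB 0 0 9 0 16 SMTP - - - -
2005-01-04 00:14:02 203.0.113.9 - SMTPSVC1 ABC 192.168.0.14 25 RCPT - +TO:<user@example.net> 250 0 30 27 0 SMTP - - - -
#Fields: comment line, skipped
"""

HEAD, TAIL = 8, 10  # assumed: 8 fixed fields before the verb, 10 after the text field

def parse_line(line):
    """Split one entry, anchoring on both ends so spaces inside the text field survive."""
    parts = line.split()
    if line.startswith("#") or len(parts) < HEAD + 2 + 1 + TAIL:
        return None
    return {
        "peer": parts[2],                     # address logged in the third field
        "event": parts[3],                    # e.g. OutboundConnectionCommand
        "verb": parts[8],                     # SMTP verb, "-" on response entries
        "text": " ".join(parts[10:-TAIL]),    # argument or response text
        "status": parts[-TAIL],
    }

def summarize(lines, known_peers):
    """Count event types, verbs, and entries from peers outside known_peers."""
    events, verbs, unknown = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        events[rec["event"]] += 1
        if rec["verb"] != "-":
            verbs[rec["verb"]] += 1
        if rec["peer"] not in known_peers:
            unknown[rec["peer"]] += 1
    return events, verbs, unknown

if __name__ == "__main__":
    # For the real log, pass an open file object instead: it is read line by line.
    events, verbs, unknown = summarize(SAMPLE.splitlines(), {"192.168.0.1"})
    for name, counter in (("events", events), ("verbs", verbs), ("unknown peers", unknown)):
        print(name, counter.most_common(10))
```

A log dominated by outbound entries to your own servers points to server-to-server traffic, while large counts under unknown peers are the entries to inspect for relaying.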