But Exchange 2003 can filter IP addresses and generate a specific event code, there's that Connection Filtering tab on Message Delivery, wouldn't that help? Tiago de Aviz SoftSell - Curitiba (41) 340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. -----Mensagem original----- De: Michael B. Smith [mailto:michael@xxxxxxxxxx] Enviada em: sexta-feira, 17 de dezembro de 2004 10:28 Para: [ExchangeList] Assunto: [exchangelist] RE: connection filtering on HELO/EHLO http://www.MSExchange.org/ Sure, but you'll have to write a protocol event sink. And be careful - this might be more dangerous to do than you think. Not for the faint of heart. There are some examples in the Exchange 2003 SDK and on CDOLive and on Siegfried Weber's site. -----Original Message----- From: Dan HINCKLEY [mailto:dah@xxxxxxxxxxx] Sent: Friday, December 17, 2004 3:27 AM To: [ExchangeList] Subject: [exchangelist] RE: connection filtering on HELO/EHLO http://www.MSExchange.org/ I'm getting a bunch of spam, some w/viruses, spoofing a domain (mail.domain.tld) in the HELO. I was trying to see if there is a way built into ES 2003 to use the FQDN (spoofed) rather than an IP (since these guys change their IPs) to drop the connection. At 07:46 12/17/2004, you wrote: >http://www.MSExchange.org/ > >What kind of filtering? > >John Tolmachoff >Engineer/Consultant/Owner >eServices For You > > > -----Original Message----- > > From: Dan HINCKLEY [mailto:dah@xxxxxxxxxxx] > > Sent: Thursday, December 16, 2004 12:32 AM > > To: [ExchangeList] > > Subject: [exchangelist] connection filtering on HELO/EHLO > > > > http://www.MSExchange.org/ > > > > Have looked in the archives w/o luck. Can anyone point me to a > > method of doing filtering in ES 2003 at the HELO/EHLO command? > > > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: michael@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx