RE: Tracking mails--Author again :)

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 6 Jul 2005 00:26:25 -0700

You could use the SMTP Virtual server log. However, most MM viruses use a
built in SMTP engine and send directly to the recipient server as identified
by MX record. The ones that do indeed use the locally configured SMTP server
(configured in Outlook etc.) do not authenticate, so if you Exchange server
is properly configured to force authentication before sending, that will
stop them. Of course, in the case of the other type, you are blocking port
25 to/from the Internet except to/from your Exchange server, correct?

 

John T

eServices For You

 

-----Original Message-----
From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] 
Sent: Wednesday, July 06, 2005 12:01 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Tracking mails--Author again :)

 

http://www.MSExchange.org/ 

Hi John, 

 

For example: A PC within our network gets infected with mass mailer virus.
This PC starts sending mails to all the users in the address book. So if i
can find out the IP address of that PC then i can easly track it down and
pull off the network. 

 

I used to do this in my privious company. We had sendmail running on HPUX
and we could easly figure out the sender host IP. I can still trace
incomming mails from outside world as i have sendmail sitting in the
gateway. But i want to know how do i do this with Exchange 2003.

 

Regards

Praveen R

"John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> wrote:

http://www.MSExchange.org/

What is the purpose of knowing where the virus infected e-mail came from? In
this day and age, most viruses now are using virus infected zombies to send
their filth. Chances are if you received 50 different virus infected
e-mails, they will come from 45 different IP addresses.

 

Now, if you are talking about your outgoing messages, that is the wrong way
to find them, or I should say the least efficient way.

 

John T

eServices For You

 

-----Original Message-----
From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] 
Sent: Tuesday, July 05, 2005 7:11 AM
To: [ExchangeList]
Subject: [exchangelist] Tracking mails

 

http://www.MSExchange.org/ 

Hi,

 

I want to track incoming and outgoing mails on my exchange 2003 server.
Basically i want to know from which IP address the mail has arrived on
exchange server. In case of a virus mail , anti virus quarantines the
message which is fine, but i would like to know the host which is generating
the mails. Basically i can check for message header in outlook options but
can i find this info on the server it self. Message tracker doesn't give
details about the host it has reviced the mail from. 

 

Regards

Praveen R


  _____  


Discover Yahoo!
Stay in touch with email, IM, photo sharing & more. Check
<http://us.rd.yahoo.com/evt=32659/*http:/discover.yahoo.com/stayintouch.html
>  it out! ------------------------------------------------------ List
Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange
Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ:
http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 ISA Server Resource Site:
http://www.isaserver.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this MSEXchange.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to
listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ramaswamy_praveen@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 

  _____  

Yahoo! Mail
Stay connected, organized, and protected. Take the tour
<http://tour.mail.yahoo.com/mailtour.html>
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange
Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ:
http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 ISA Server Resource Site:
http://www.isaserver.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this MSEXchange.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to
listadmin@xxxxxxxxxxxxxx

Other related posts: