Hi Raji, Remove the AUTH verb from the SMTP filter's list. Anonymous inbound relays to domains under your adminsitrative control should never allow authentication. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx] Sent: Sunday, October 19, 2003 4:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] How to log SMTP AUTH traffic http://www.ISAserver.org Hi How can I configure ISA server to log SMTP AUTH traffic hitting the server.?? To set up an alert to warn of an attack. Its a new form of spammers attack to get logon authentication to gain access to relaying in Exchange 2000/2003. --------------------------------------------- Raji Arulambalam Senior Systems Administrator Environment Bay of Plenty - Regional Council 5 Quay Street, P O Box 364, Whakatane, New Zealand -------------------------------------------- Email disclaimer: This email and any attachments are confidential. If you are not the intended recipient, do not copy, disclose or use the contents in any way. If you receive this message in error, please let us know by return email and then destroy the message. Environment Bay of Plenty is not responsible for any changes made to this message and/or any attachments after sending. ****************************************************** This e-mail has been checked for viruses and no viruses were detected. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')