RE: How to log SMTP AUTH traffic

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 19 Oct 2003 16:48:29 -0500

Hi Raji,

Remove the AUTH verb from the SMTP filter's list.  Anonymous inbound
relays to domains under your adminsitrative control should never allow
authentication. 

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx] 
Sent: Sunday, October 19, 2003 4:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] How to log SMTP AUTH traffic


http://www.ISAserver.org

Hi

How can I configure ISA server to log  SMTP AUTH traffic hitting the
server.??  To set up an alert to warn of an attack.

Its a new form of spammers attack to get logon authentication to gain
access
to relaying in Exchange 2000/2003.

---------------------------------------------
Raji Arulambalam       
Senior Systems Administrator          
Environment Bay of Plenty - Regional Council
5 Quay Street, P O Box 364, Whakatane, New Zealand
--------------------------------------------




Email disclaimer: This email and any attachments are confidential. If
you are not the intended recipient, do not copy, disclose or use the
contents in any way. If you receive this message in error, please let us
know by return email and then destroy the message. Environment Bay of
Plenty is not responsible for any changes made to this message and/or
any attachments after sending.
******************************************************
This e-mail has been checked for viruses and no viruses were detected.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2003