Hi Thanks Tom. --------------------------------------------- Raji Arulambalam Senior Systems Administrator Environment Bay of Plenty - Regional Council 5 Quay Street, P O Box 364, Whakatane, New Zealand -------------------------------------------- Why isn't there mouse-flavored cat food? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, October 20, 2003 10:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: How to log SMTP AUTH traffic http://www.ISAserver.org Hi Raji, Remove the AUTH verb from the SMTP filter's list. Anonymous inbound relays to domains under your adminsitrative control should never allow authentication. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx] Sent: Sunday, October 19, 2003 4:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] How to log SMTP AUTH traffic http://www.ISAserver.org Hi How can I configure ISA server to log SMTP AUTH traffic hitting the server.?? To set up an alert to warn of an attack. Its a new form of spammers attack to get logon authentication to gain access to relaying in Exchange 2000/2003. --------------------------------------------- Raji Arulambalam Senior Systems Administrator Environment Bay of Plenty - Regional Council 5 Quay Street, P O Box 364, Whakatane, New Zealand -------------------------------------------- Email disclaimer: This email and any attachments are confidential. If you are not the intended recipient, do not copy, disclose or use the contents in any way. If you receive this message in error, please let us know by return email and then destroy the message. Environment Bay of Plenty is not responsible for any changes made to this message and/or any attachments after sending. ****************************************************** This e-mail has been checked for viruses and no viruses were detected.