Hi Amy, You'll need to enable those fields in the SMTP service logs on your inbound SMTP relay. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, March 24, 2004 1:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 RC1 Screen Shots http://www.ISAserver.org Tom, Here is what I have in the log. I can see what is attempted to be sent but not who is trying to send it. Any idea how I can see the rest on the info? 66.111.234.133 hound2.businesshound.com - - 66.111.234.132 hound1.businesshound.com - - 66.111.234.133 hound2.businesshound.com - - 66.111.234.132 hound1.businesshound.com - - 66.111.234.133 hound2.businesshound.com - - 66.111.234.132 hound1.businesshound.com - - 66.111.234.133 hound2.businesshound.com - - 66.111.234.132 hound1.businesshound.com - - 66.111.234.133 hound2.businesshound.com - - 66.111.234.132 hound1.businesshound.com - - 209.69.26.2 mail1.biznetis.net - - 209.69.26.2 mail1.biznetis.net - - 209.69.26.2 mail1.biznetis.net - - 209.69.26.2 mail1.biznetis.net - - 209.69.26.2 mail1.biznetis.net - - 69.6.57.143 5222.iaminsecureaboutmybodymarketing.com - - 69.6.57.143 5222.iaminsecureaboutmybodymarketing.com - - 69.6.57.143 5222.iaminsecureaboutmybodymarketing.com - - 69.6.57.143 5222.iaminsecureaboutmybodymarketing.com - - -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, March 24, 2004 12:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 RC1 Screen Shots http://www.ISAserver.org Hi Amy, The SMTP service log should have detailed information on the host(s) sending the offending message(s). HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, March 24, 2004 11:18 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 RC1 Screen Shots http://www.ISAserver.org Can ISA figure out who is trying to send junk mail out? I've got a situation where Exchange is stuffed full of queues of undeliverable junk mail. This office also has 4 locations connecting to this Exchange server and users connecting to it through their use of Citrix so tracking down who has the virus is like looking for a needle in a hay stack. I think that it is probably netsky so I instructed everyone to run the Symantec netsky removal tool and a virus scan and no one claims to have found anything. So can ISA help with this? The server is getting bogged down. Amy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')