Re: Inside user spamming

• Previous message: Leif Pedersen [MVP]: "Re: Inside user spamming"
• In reply to: Leif Pedersen [MVP]: "Re: Inside user spamming"
• Next in thread: Lanwench [MVP - Exchange]: "Re: Inside user spamming"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 6 Dec 2004 03:41:03 -0800

Thanks for the response
I have read that. I have SMTP logging set to maximum hoping to catch the
cracked user account. I have also been running Mail monitor on the exchange
server. Monitoring all traffice going in and out of smtp. No one has
authenticated to smtp. I have relaying allowed to internal ip range to allow
mail flow. This client has almost all pop3 clients on inside. Is there a tool
for exchange that will log the amount of mail coming from a specific inside
pc?

Thanks

"Leif Pedersen [MVP]" wrote:

> Hi,
>
> This article explains how to find the culprit:
> http://www.vamsoft.com/orf/authattack.asp
>
> Leif
>
>
>
> "exchangerookie1994" <exchangerookie1994@discussions.microsoft.com> skrev i
> en meddelelse news:2A7EC9F3-1591-43E8-BD14-17ADBAE33E62@microsoft.com...
> > I have a set up Exch2000 fresh load. I have locked relay capabilties to
> local
> > ip subnet. I have tested for open relay from outside - good. I have
> unchecked
> > allow authenticated users to relay setting. My smtp queue is filling fast.
> Is
> > there a utilty /software to see were this mail is coming from. I think it
> has
> > to be someone on inside (domain user). I have also turned on logging on
> > MStransport - smtp protocol to maximim
> > logging.
> > Please help
>
>
>

• Previous message: Leif Pedersen [MVP]: "Re: Inside user spamming"
• In reply to: Leif Pedersen [MVP]: "Re: Inside user spamming"
• Next in thread: Lanwench [MVP - Exchange]: "Re: Inside user spamming"
• Messages sorted by: [ date ] [ thread ]