No, it means you don't have the logging turned on in the IMS (it does require a restart of the IMS service once you change the settings).
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:39 AM To: Exchange Discussions Subject: RE: SMTP Logging options? I looked in the log dir and I only have a route.log and a route.old neither contain and IP or sender data related to this, the 2010 events don't correspond with the loads of garbage ndr's I am seeing either. Could these logs be in another folder? e- -----Original Message----- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 10:36 AM To: Exchange Discussions Subject: RE: SMTP Logging options? For the record, :), SMTP Protocol Logging doesn't write to the App Event Log, rather it writes to file system files. Knowing how to read SMTP conversations in the protocol log is a "good thing". -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:32 AM To: Exchange Discussions Subject: RE: SMTP Logging options? For the record those are event 2010 -----Original Message----- From: Webb, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 9:12 AM To: Exchange Discussions Subject: RE: SMTP Logging options? IMS Diagnostics Logging / SMTP Protocol Logging / Medium You'll need to look for the AUTH handshake. The handshake is done using base64 encoded strings. You can use http://www.securecode.net/Base64Convert+main.html to decode them. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 9:18 AM To: Exchange Discussions Subject: SMTP Logging options? Exch 5.5 sp4 In a scenario where a end users password has been compromised and is being used to drop spam crap on the internet mail service, what logging options can be used to identify the account that is authenticating? Also is there a way to tie a message id to a specific authenticated user? Much thanks & merry christmas e- _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
