Okay, I've done that. Another set of stupid questions:
1. I assume that the "occurrences" column shows how many messages were
involved to make up the number in the "Bytes" column... Is that assumption
correct?
2. Under "remote delivery size" part of the report, I still see "local"
addresses. Why would local addresses appear to be "remote"? I also see a
lot of REMOTE addresses in the LOCAL delivery size section.
3. Under remote delivery size I see in the list an address of "<>". What
would that be... The postmaster address or something?
4. Under the local delivery size section I see in the list a BLANK/EMTPY
address. What the heck is that about?
Are there any better, more "human" tools for reading/analyzing mail server
reports, iMail or otherwise? The Beta log analyzer I'm using simply has no
docs or other explanation that I can find to help me actually analyze what
I'm seeing in the report.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Eric Shanbrom [Ipswitch Inc]
> Sent: Monday, August 29, 2005 6:53 AM
> To: [email protected]
> Subject: Re: [IMail Forum] Using iMail Log Analyzer to
> find compromised box
>
> I use the Local and Remote delivery size by sender to
> determine this
>
> Eric S
>
> Darin Cox wrote:
>
> >We use a free Declude utility for something similar to
> that, DomList.
> >It's available from http://www.declude.com/Articles.asp?ID=100
> >
> >We use it to run a report nightly to watch incoming
> and outgoing mail
> >volume on a per domain basis. While this doesn't get
> down to per
> >mailbox like you were asking, it's always been enough
> for us to contact
> >the owner of a particular domain to see what they're
> doing when outgoing volume spikes.
> >
> >Darin.
> >
> >
> >----- Original Message -----
> >From: "Marc Funaro" <[EMAIL PROTECTED]>
> >To: <[email protected]>
> >Sent: Saturday, August 27, 2005 12:09 PM
> >Subject: [IMail Forum] Using iMail Log Analyzer to
> find compromised box
> >
> >
> >Hi Everyone,
> >
> >Is there a way to use iMail Log Analyzer to determine
> whether a
> >particular
> >pop3 mailbox has been compromised and is being used to
> send spam? If
> >so, what report options should I check off so that I
> only get the
> >information I would need to make this determination?
> (right now I
> >simply check off all the boxes, which creates a huge
> report, probably
> >with way more info than I
> >need...)
> >
> >Thanks,
> >
> >Marc
> >
> >
> >To Unsubscribe:
> http://www.ipswitch.com/support/mailing-lists.html
> >List Archive:
> >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
> >To Unsubscribe:
> http://www.ipswitch.com/support/mailing-lists.html
> >List Archive:
> >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
>
> To Unsubscribe:
> http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
