Re: SMTSVC ?
From: razornt (razornt_at_discussions.microsoft.com)
Date: 03/28/05
- Previous message: Susan: "DMZ access for internal and external users"
- In reply to: Jeff Cochran: "Re: SMTSVC ?"
- Next in thread: Leon Mayne [MVP]: "Re: SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Mar 2005 06:35:03 -0800
Thanks Jeff. That makes sense. I check into right away.
"Jeff Cochran" wrote:
> On Fri, 25 Mar 2005 13:45:05 -0800, "razornt"
> <razornt@discussions.microsoft.com> wrote:
>
> >Someone is trying to hack our server via SMTPSVC. When I view the event log
> >(system) I see Event ID 100 SMTPSVC and a login attempt. However, when I try
> >to match the Event log time with the SMTPSVC log time nothing matches.
>
> Are you accounting for the offset from GMT? The SMTP logs are in GMT,
> Event logs are usually in local time.
>
> Jeff
>
>
> > I want
> >to block the IP Address of this potential intruder. How do I find the IP
> >Address of this potential intruder?
> >
> >SMTPSVC extended property logs are turned on with client ip, date and time,
> >server ip and server port and also user name.
> >
> >Default SMTP virtual server
> >No relay (only the list below) "There is no list"
> >Basic and Windows Security package are checked for Authentication
> >
> >Thanks in advance.
>
>
- Previous message: Susan: "DMZ access for internal and external users"
- In reply to: Jeff Cochran: "Re: SMTSVC ?"
- Next in thread: Leon Mayne [MVP]: "Re: SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
