I have a virus on the network some place that keeps sending out .zip files and causing the email server to be blacklisted. How do I set up logging on ISA server 2004 for logging of port 25. All directions I have found on this venue have not worked. I do not have an SBS server - I have windows 2003 server, exchange 2003, isa server 2004 - all windows xp pro clients. For example:
Doesn't have to be from a source port of 25 - it is the destination port you need to be more concerned over.
open the ISA gui
select - monitoring - logging
On the right, click edit query (I do not have Edit query) I have Edit Filter and followed the directions with that
Change the action to destination port = 25
Change the time value to past 7 days (I do not see a change the time value to past 7 days)
click start query - I start query - but it just keeps "fetching results" forever
is any device listed as the source that is other than your SBS server?