Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to log MAPI connections to Exchange 2003 ?

Posted on 2011-09-23
3
Medium Priority
?
926 Views
Last Modified: 2012-08-14
Hello,

Environment summary: SBS 2003 (2 NICs configuration) SP2, Windows XP SP3, Outlook 2007 SP2

One of our client computers seems to be infected with some malware, causing the computer to send spam.
We use our ISP mail relay and we have been prevented to send emails after some spams were sent from our IP address.
We've run an extra antivirus scan on our computers (we use Trend Micro).

From time to time, I do see a batch of spam ending in our Exchange queues.

I've turned on some diagnostic/logging options in Exchange 2003, but it does not seem to log the information that I am looking for: who is connecting to Exchange to submit the spam. I would like to be able to correlate the spams I see in the queues with the name or IP address of the computer that actually sent the spams.

Thanks
0
Comment
Question by:xmi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 17

Expert Comment

by:aoakeley
ID: 36585670
You have asked to turn on MAPI logging, but you will probably fnd that SMTP logging will be more useful.

To turn on SMTP logging; You can find this in the properties of the SMTP Virtual Server. This will create a log file to c:\windows\system32\logfiles\SMTPXXX\ in here is where you will find the info you want.

Whil in the properties of the SMTP virtual server check who can relay through your server. I suggest
- removing "authenticated users" from the "allow users to relay" list
- untick "Allow computers that successfully authenticate to relay"
You can find these options on this page http://www.eclarsys.com/images/exchange_relay.gif

Users using outlook do not need this to be ticked for them to send email, and if you have weak passwords someone could have guessed a password and is using this to relay.
0
 

Accepted Solution

by:
xmi earned 0 total points
ID: 36585892
I should have mentionned that the server was not acting as open relay.

In the mean time, I found the cause of our problem: an automatic forward rule to a gmail account. Some spams, not detected by IMF or Trend Micro were automatically forwarded to the gmail account and detected by our service provider.

As far as MAPI is concerned, I will test the ExMon tool to monitor it.

0
 

Author Closing Comment

by:xmi
ID: 36715171
Found the answer by myself
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question