Hi Everyone
We have been asked to secure our SMTP servers and decided to take anonymous off and force authentication.
One of the main goals is to stop spoofing which this won't really help with. To catch this, we have enabled logging on the SMTP virtual servers and will keep the logs for a certain amount of time and thereby be able to pick up the authenticated user who sent the spoofed message. That was the plan anyway.
We enable logging with one specific extended field enabled (which we obviously need) - from the help it has the following explanation:
User Name
Select to record the name of the authenticated user who accessed your server. This does not include anonymous users, who are represented by a hyphen (-).
This is exactly what we wanted, but when testing it doesn't provide the authenticated user in the logs; we only get the following:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-11-22 15:07:50
#Fields: date time c-ip cs-username s-computername s-ip
2006-11-22 15:07:50 10.47.160.12 OutboundConnectionResponse FNBFDTBH01 -
Obviously the "OutboundConnectionResponse" corresponds to the cs-username.
Does anyone know if there is something else we need to do to get this to log the correct information?
Thanks for your help
Regards
Brendon
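
An added example, not part of the original post: a parser for the W3C extended log format shown above that maps each row to the columns named in its #Fields line and separates account names in cs-username from hyphens and from other values. The account name EXAMPLE\jsmith, the last two sample rows and the NON_ACCOUNT_VALUES set are constructed assumptions.

```python
from collections import Counter

# Constructed sample: header and first row are quoted from the post; the last
# two rows (account name, extra client IPs) are invented for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-11-22 15:07:50
#Fields: date time c-ip cs-username s-computername s-ip
2006-11-22 15:07:50 10.47.160.12 OutboundConnectionResponse FNBFDTBH01 -
2006-11-22 15:08:02 10.47.160.31 EXAMPLE\\jsmith FNBFDTBH01 10.47.160.5
2006-11-22 15:08:09 10.47.160.44 - FNBFDTBH01 10.47.160.5
"""

# Assumption: cs-username values that are not account names. Only this one
# appears in the post; extend the set after reviewing real logs.
NON_ACCOUNT_VALUES = {"OutboundConnectionResponse"}

def parse_w3c(text):
    """Yield one dict per data row, keyed by the latest #Fields directive."""
    fields = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):  # row does not match the declared columns
            raise ValueError(f"line {lineno}: {len(values)} values, {len(fields)} fields")
        yield dict(zip(fields, values))

def classify(row):
    """Label a row 'anonymous', 'non-account' or 'authenticated'."""
    user = row.get("cs-username", "-")
    if user == "-":  # the help text quoted in the post: hyphen means anonymous
        return "anonymous"
    return "non-account" if user in NON_ACCOUNT_VALUES else "authenticated"

def summarize(text):
    """Return (Counter of labels, [(c-ip, user)] for authenticated rows)."""
    counts, senders = Counter(), []
    for row in parse_w3c(text):
        label = classify(row)
        counts[label] += 1
        if label == "authenticated":
            senders.append((row["c-ip"], row["cs-username"]))
    return counts, senders

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A log in which every row lands in "non-account" or "anonymous" shows that the field is enabled but no account names are being written to it.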