Video Screencast Help

smsmse smtp logs

Created: 03 Mar 2014 • Updated: 18 Mar 2014 | 4 comments
This issue has been solved. See solution.

Hello,

 

I'm looking for a way to review the smtp logs within smsmse.  Is someone able to point me in the correct direction to locate them?

 

Thanks.

Operating Systems:

Comments 4 CommentsJump to latest comment

Mick2009's picture

Hi mcollins,

Not exactly sure what you mean-? SMSMSE will log security events (threats detected, unscannable files, etc), but it does not record all SMTP traffic that occurs on a Exchange server.

Those SMTP protocol logs themselves can be set up in Exchange: http://technet.microsoft.com/en-us/library/aa997624(v=exchg.150).aspx

Please do update the thread with more info, if time allows!

Mick

With thanks and best regards,

Mick

mcollins's picture

Mick,

 

To confirm, SMSMSE doesn't act as a relay for SMTP traffic while scanning for SPAM?  

 

When a particular users, sends a particular attachment, to a particular third-party; the attachment is always striped.  Just trying to confirm that the attachment is leaving our SMSMSE/Exchange setup.

 

Thank you,

 

Matthew

groberts's picture

You are correct Matthew, SMSMSE is not acting as an SMTP relay. On Exchange 2003, SMSMSE scans for spam/viral content/content filtering violations at SMTP via an Event Sink to IIS SMTP. On 2007 and later, SMSMSE installs a transport agent within Exchange transport. In neither case does SMSMSE take over routing.

To determine if SMSMSE is stripping the attachment, take a look at the application event log on your Exchange server from the time the message was sent. If SMSMSE deleted/quarantined it due to a content filtering violation, you'll see an Event ID 291 with a description of why it was stripped.

SOLUTION
Mick2009's picture

Hi Matthew,

Has the info above answered your question?  The thread is still marked "needs solution."

Please do update this thread, when time allows!

Many thanks,

Mick

With thanks and best regards,

Mick