Linking spam sent through shared IIS SMTP server to a user

Microsoft’s IIS SMTP service won’t log usernames even when SMTP-AUTH is enabled and clients are all authenticating. So, what happens if someone starts abusing the SMTP service (or you perhaps have a runaway process performing the abuse)?

Well, it takes a little effort but it is possible to track down the username being used to authenticate to the service. Here’s a post by Jeff Graves of OrcsWeb showing exactly how to track down this information:

Be Sociable, Share!


    Trackbacks and Pingbacks: