Tools for SmarterMail Admins - Unauthorized SMTP sender finder

SmarterMail* is a Windows-based email server. It happens to be the email server I use to host a few hundred domains. Here are some tools I created to help me. Maybe they will help you too.

There are a number of effective strategies to reduce your SPAM levels, but many require that all your users enable SMTP authentication. It is easy to set up new domains to require SMTP AUTH. Unfortunately, there is no good way to transition existing domains with users who are already using SMTP without AUTH.

This tool scans your SMTP log files to find users who are currently sending SMTP mail without authenticating. It makes it easy for you to send an email to these users asking them to enable SMTP AUTH in their email clients. You can then run it again a few days later to make sure everyone has switched.

It works by reading through the log files generated by the SmarterMail SMTP server and parsing out the email events. It also uses the SmarterMail web services API to read the lists of valid users and domains from your email server.

Download

http://josh.com/tsma/publish/publish.htm

How to use the tool

  1. Set your SMTP Log Level to Detailed. This setting is under Settings -> Log Settings. You will need to log into your SmarterMail server as the System Admin to do this.



    This will enable the server to start writing lines to the log files every time an SMTP user sends email.


  2. Set your Allow Relay to Local Users Only. This setting is under General Settings -> Security. Again, you will need to be logged in as System Admin.



    This will ensure that the only emails passing through your server will either (1) be to a local user account, or (2) from a local user account.

  3. Wait about a week, or however long you think it will take for all of your users who use SMTP to send at least one outbound email.

  4. Download the tool and install it from the link above.

    Since the program needs access to all your SMTP log files and these files are large, it is probably easiest to install on the same machine that your log files are on.

  5. Run the tool.



  6. Enter the path to the directory that contains your SMTP log files and press Add Logfiles to List. These files are typically created in C:\SMARTERMAIL\LOGS. Alternately, you could browse to a mapped drive if the log files are on a different machine.

  7. Select a range of dates to analyze. It is probably a waste of time to analyze logs created before you turned on detailed logging (Step #1), or turned off relaying (Step #2). The files you pick should be consecutive dates without gaps.

  8. Enter your SmarterMail System Admin username and password along with the URL that you use to access the web-based email on your server and press Login and Get Data. The tool will then connect to your SmarterMail and retrieve the list of local domains.

  9. Select the domains you want to analyze. The tool will only report non-authorized users in the selected domains.

  10. Select an output type.

        TXT will create a list of users who need to enable SMTP AUTH. The list is opened in NOTEPAD, ready for you to paste into your email program. You can specify the character that will separate the addresses - semicolon works for both Outlook and the SmarterMail web interface.

        If you select Include accounts who user both authorized and non-authorized, you'll end up with a list of addresses for all local users who sent email using SMTP during the analyzed period.

        CSV will create a spreadsheet showing all the users who need to enable SMTP AUTH. Each user is listed on a line with their email address, the username they authenticated with (always null unless you checked Include authorized senders), the time of the last SMTP email sent by the user, and the total number of SMTP emails sent by the user.



    If you select Include authorized senders in listing, the spreadsheet will also include lines for users who did authenticate when sending SMTP mail, along with their details. If a user sent email both with and without authentication, these are listed on separate lines so you can see when and how many of each occurred. You can also see if an account is using a different account to authenticate than to send.

  11. Send an email to the listed users asking them to please turn on SMTP AUTH in their email client. Here is an example of an email I sent to my users.
  12. Wait a day or two to give them a chance to make the change and send another email.
  13. Run this tool again. Use the same start date you used the first time - once the person logs in once with SMTP AUTH turned on, they will no longer appear in the list.
  14. Repeat starting at step #11 using increasingly harshly worded requests.
  15. Once everyone has switched over, or you've run out of patience for the people who haven't, log into your mail server as System Admin and go into General Settings -> Security  and set relay to "Nobody"...

    Relay for nobody

 

That's it - you now do not have to worry about spammers sending through your local users' accounts. You can now also turn on aggressive black hole lists without worrying about blocking your legitimate users.

FAQ

Q: Why does the main window seem to lock up while the program is analyzing the log files?

A: I could not figure out a way to have the program doing its processing on a different thread that didn't take more work than the actual program, so I instead chose to have the progress reports print to a DOS window that appears behind the main program window. If you are a Windows programmer and know a good way to report progress from a background thread that is not ugly and a huge amount of work (I've tried both BackgroundThreadWorker and BeginInvoke), please let me know.

 

Q: Why do I see a bunch of "Socket not found on disconnect" errors when the program first begins processing the log files?

A: These can be safely ignored. These are caused by sessions that started before the first selected logfile. For example, if you start analyzing on Jan 1st, the program will not see the connect event for any connections that started just before midnight on Dec 31st, but will only see the orphaned disconnects that happened after midnight.
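
The log scan described under "It works by reading through the log files" and the orphaned-disconnect case in the answer above can be sketched as follows. This is an added example, not the tool's own code: the log layout, the event strings and the names `analyze` and `unauthenticated` are assumptions, and the local domain list is passed in rather than fetched through the web services API.

```python
import re

# Constructed sample; the layout (time [ip][session] event) is an assumption.
SAMPLE_LOG = """\
00:00:05 [203.0.113.9][1001] disconnected
08:15:01 [198.51.100.7][1002] connected
08:15:02 [198.51.100.7][1002] cmd: MAIL FROM:<alice@example.com>
09:30:10 [198.51.100.8][1003] connected
09:30:11 [198.51.100.8][1003] Authenticated as bob@example.com
09:30:12 [198.51.100.8][1003] cmd: MAIL FROM:<bob@example.com>
09:30:13 [198.51.100.8][1003] cmd: MAIL FROM:<sales@example.com>
09:30:15 [198.51.100.8][1003] disconnected
10:02:00 [192.0.2.44][1004] connected
10:02:01 [192.0.2.44][1004] cmd: MAIL FROM:<stranger@elsewhere.test>
11:45:00 [198.51.100.7][1005] connected
11:45:01 [198.51.100.7][1005] cmd: MAIL FROM:<Alice@Example.com>
"""
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d) (\[[^\]]+\]\[[^\]]+\]) (.*)$")
MAIL_RE = re.compile(r"^cmd: MAIL FROM:\s*<([^>]+)>", re.I)
AUTH_RE = re.compile(r"^Authenticated as (\S+)")

def analyze(log_text, local_domains):
    """Return (rows, orphans); rows maps (sender, auth_user) -> [last_time, count]."""
    sessions = {}            # open "[ip][session]" -> authenticated user, or None
    rows, orphans = {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        time, key, event = m.groups()
        if event.startswith("connected"):
            sessions[key] = None
        elif event.startswith("disconnected"):
            orphans += int(key not in sessions)  # began before the first log
            sessions.pop(key, None)
        elif key not in sessions:
            continue         # connect never seen: auth state unknown, skip
        elif a := AUTH_RE.match(event):
            sessions[key] = a.group(1).lower()
        elif s := MAIL_RE.match(event):
            sender = s.group(1).lower()
            if sender.rsplit("@", 1)[-1] in local_domains:
                k = (sender, sessions[key])      # one row per sender/auth pair
                rows[k] = [time, rows.get(k, ["", 0])[1] + 1]
    return rows, orphans

def unauthenticated(rows):
    """Local addresses that sent at least once without SMTP AUTH."""
    return sorted({sender for sender, user in rows if user is None})
```

Each key in `rows` corresponds to one line of the CSV output described in step 10, so a sender authenticating as a different account shows up as its own row.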

Support

Please email me with any questions at...

support email address

*I have no affiliation with SmarterTools, the creators of SmarterMail, other than being a user of their software.
