Tools for SmarterMail Admins - Unauthorized SMTP sender finder
SmarterMail* is a Windows-based email server. It happens to be the email
server I use to host a few hundred domains. Here are some tools I created to
help me. Maybe they will help you too.
There are a
number of effective strategies to reduce your SPAM levels, but many require that
your all users enable SMTP authentication. It is easy to set up
new domains to require SMTP AUTH. Unfortunately, there is no good way to
transition existing domains with users who are already using SMTP without AUTH.
This tool scans your SMTP log files to find users who are currently sending
SMTP mail without authenticating. It makes it easy for you to send an email to
these users asking them to enable SMTP AUTH in their email clients. You can then
run it again a few days later to make sure everyone has switched.
It works by reading though the log files generated by the SmartMail SMTP
server and parsing out the email events. It also uses the SmarterMail web
services API to read the lists of valid users and domains from your email
server.
Set your SMTP Log Level to Detailed. This setting is
under Settings -> Log Settings. You will need to log into your
SmarterMail server as the System Admin to do this.
This will enable the server to start writing lines to the log files every
time an SMTP user sends email.
Set your Allow Relay to Local Users Only. This setting
is under General Settings -> Security. Again, you will need to be
logged in as System Admin.
This will ensure that the only emails passing though your server will either
(1) be to a local user account, or (2) from a local user account.
Wait about a week, or how ever long you think it will take for all of
your users who use SMTP to send at least one outbound email.
Download the tool and install it from the link
above.
Since the program needs access to all your SMTP log files and these files
are large, it is probably easiest to install on the same machine that your
log files are on.
Run the tool.
Enter the path to the directory that contains your SMTP log files and
press Add Logfiles to List. These files are typically created in
C:\SMARTERMAIL\LOGS. Alternately,
you could browse to a mapped drive if the log files are on a different
machine.
Select a range of dates to analyze. It is probably a waste of time to
analyze logs created before you turned on detailed logging (Step #1), or
turned off relaying (Step #2). The files you pick should be consecutive
dates without gaps.
Enter your SmarterMail System Admin username and password along with the URL that
you use to access the web-based email on your server and press Login and
Get Data. The tool will then connect to your SmarterMail and retrieve
the list of local domains.
Select the domains you want to analyze. The tool will only report
non-authorized users in the selected domains.
Select an output type.
TXTwill create a list of users who need to enable SMTP
AUTH. The list is opened into NOTEPAD, ready for you to paste into your
email program. You can specify the character that will separate the
addresses - semicolon works for both Outlook and the SmarterMail web
interface.
If you select Include accounts who user both
authorized and non-authorized, you'll end up with a list of address for
all local users who sent email using SMTP during the analyzed period.
CSV will create a spreadsheet showing all the users who need
enable SMTP AUTH. Each user is listed on a line with their email address,
the username they authenticated with (always null unless you checked Include
authorized senders), the time of the last SMTP email sent by the user,
and the total number of SMTP emails sent by the user.
If you select Include authorized senders in listing, the
spreadsheet will include also lines for users who did authenticate when
sending SMTP mail, along with their details. If a user sent email both
authentication and not authentication, these are listed on separate lines so
you can see when and how many of each occurred. You can also see if an
account use using a different account to authenticate than to send.
Send an email to the listed users asking them to please turn on SMTP
AUTH in their email client. Here is an example of
an email I sent to my users.
Wait a day or two to give them a change to make the change and send
another email.
Run this tool again. Use the same start date you used the first time -
once the person logs in one with SMTP AUTH turned on then they will no long
appear in the list.
Repeat starting at step #11 using increasingly harshly worded requests.
Once everyone has switched over, or you've run out of patience for the
people who haven't, log into your mail server as System Admin and go into General Settings -> Security and
set relay to "Nobody"...
That's it - you now do not have to worry about spammers sending though your
local users' accounts. You can now also turn on aggressive black hole lists
without worrying about blocking your legitimate users.
FAQ
Q: Why does the main window seem to lock up while the program is
analyzing the log files?
A: I could not figure out a way to have the program doing its processing on a
different thread that didn't take more work that the actual program, so I
instead chose to have the progress reports print to a DOS window that appears
behind the main program window. If you are a Windows programer and know a good way
to report progress from a background thread that is not ugly and a huge amount
of work (I've tried both BackgroundThreadWorker and BeginInvoke), please let me
know.
Q: Why do I see a bunch of "Socket not found on disconnect" errors when the
program first begins processing the log files?
A: These can be safely ignored. These are caused by sessions that started before
the first selected logfile. For example, if you start analyzing on Jan 1st, the
program will not see the connect event for any connections that started on just
before midnight on Dec 31st, but will only see the orphaned disconnects that
happened after midnight.
Support
Please email me with any questions at...
*I have no affiliation with SmarterTools, the creators of SmarterMail, other
than being a user of their software.
