This article applies to:

• Trustwave MailMarshal (SEG) 

Question:

• How can I stop logging large numbers of events to the Event Log for relay blocking in the Receiver?
• How can I stop logging of invalid SMTP commands and multiple RSET commands to the Event Log?

Procedure:

If you do not want to log each Receiver SMTP block to the event log, you can disable these entries using an Advanced Setting or Registry entry. This entry affects logging of relay attempts, excessive RSETs, and invalid commands.

• In MailMarshal 10.0 and above, open the Management Console and navigate to Advanced Settings. Add a new value:
  • Name: Receiver.SuppressEventLogOnAttack
  • Type: Boolean
  • Value: True (selected)
• In MailMarshal 8.X and below, open the Registry Editor on the Array Manager. Within the base registry key, navigate to \Default\Receiver
  • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver
  • For information about the registry location for each version, see article Q10832.
  • Enter the value as a new DWORD value named SuppressEventLogOnAttack with value 1.
• Save your registry settings or configuration settings.
• Commit the configuration changes and restart the MailMarshal Receiver service on each node.

Note:

As always, take due care when editing the Registry. Best practice is to back up the Registry before making changes.