This article applies to:
- Trustwave SEG 7.3.5 and above
Question:
- How can I stop logging large numbers of events to the Event Log for relay blocking in the Receiver?
- How can I stop logging of invalid SMTP commands and multiple RSET commands to the Event Log?
Procedure:
If you do not want to log each Receiver SMTP block to the event log, you can disable these entries using a Registry entry. This entry affects logging of relay attempts, excessive RSETs, and invalid commands.
- On the Array Manager, edit the Registry (10.X: use Advanced Settings in the Management Console)
- Navigate to the SEG Receiver key:
  - In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver
  - In version 10.X: value names have the prefix "Receiver." (Receiver dot).
  - For full details of the location for each product version, see article Q10832.
- Create a new DWORD (integer) value named SuppressEventLogOnAttack
- Set the value to 1.
- Commit configuration and restart the Receiver service on processing nodes.
To restore the default behavior, set the value to 0 or delete the value entry.
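The Registry steps above can be scripted for version 8.X. The following PowerShell is an added example, not Trustwave code: it exports the Receiver key as a backup, sets or removes the value, and verifies the result. The `-Restore` switch and the backup directory are hypothetical names chosen for this example, and the key path is the 8.X path given above.

```powershell
# Added example, not Trustwave code. Run elevated on the Array Manager (SEG 8.X).
param(
    [switch]$Restore,                                  # hypothetical switch: revert to default logging
    [string]$BackupDir = "$env:TEMP\seg-reg-backup"    # hypothetical backup location
)

$ErrorActionPreference = 'Stop'
$keyPath   = 'HKLM:\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver'  # 8.X path from the article
$regPath   = 'HKLM\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver'   # same key, reg.exe syntax
$valueName = 'SuppressEventLogOnAttack'

if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Receiver key not found at $keyPath. Check article Q10832 for the location in this version."
}

# Back up the Receiver key before changing it.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backupFile = Join-Path $BackupDir ("Receiver-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $regPath $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry export failed; no changes were made." }

if ($Restore) {
    # Deleting the value restores default behavior (equivalent to setting it to 0).
    if ($null -ne (Get-ItemProperty -LiteralPath $keyPath -Name $valueName -ErrorAction SilentlyContinue)) {
        Remove-ItemProperty -LiteralPath $keyPath -Name $valueName
    }
    $state = 'absent (default logging)'
} else {
    # New-ItemProperty -Force creates the DWORD or overwrites an existing value.
    New-ItemProperty -LiteralPath $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    $current = (Get-ItemProperty -LiteralPath $keyPath -Name $valueName).$valueName
    if ($current -ne 1) { throw "Verification failed: $valueName is $current, expected 1." }
    $state = '1 (Receiver block events suppressed)'
}

Write-Output "Backup: $backupFile"
Write-Output "${valueName}: $state"
Write-Output "Next: commit configuration and restart the Receiver service on processing nodes."
```

The script changes only the Registry value; committing the configuration and restarting the Receiver service are still done as described in the procedure.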
Note:
As always, take due care when editing the Registry. Best practice is to back up the Registry before making changes.