Abstract

The system log (syslog) files of the E-mail and DNS cache servers at Kumamoto University were statistically investigated for periods when the E-mail server was receiving a lot of spam mail. The DNS query traffic between the E-mail and DNS cache servers increases when many traces of spam and/or junk mail are found in the syslog file of the E-mail server. The DNS query traffic decreases when access between the E-mail server and the SMTP clients transferring spam/junk mail is prevented. This is because the DNS queries between the DNS and E-mail servers are mainly driven by SMTP access on the E-mail server. Therefore, we can detect abnormality of the E-mail server by monitoring the DNS query traffic from the E-mail server to the DNS server, and obtain an access control list by analyzing the SMTP syslog files.
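The two-step check described above, sketched as an added example that is not code from the paper: count DNS queries sent by the E-mail server per minute, flag abnormal minutes, then list the SMTP clients active in those minutes as access-control candidates. The log line shapes, the `MAIL_IP` address, the median-based threshold and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

MAIL_IP = "192.0.2.25"  # assumed address of the E-mail server

# Assumed, simplified log shapes (HH:MM:SS timestamps only):
# a BIND-like query log and a sendmail-like SMTP syslog.
DNS_RE = re.compile(r"^(\d\d:\d\d):\d\d client (\S+?)#\d+: query: (\S+) IN (\S+)")
SMTP_RE = re.compile(r"^(\d\d:\d\d):\d\d \S+ sendmail\[\d+\]: .*relay=\S* ?\[([\d.]+)\]")

def queries_per_minute(dns_lines, src_ip=MAIL_IP):
    """Count DNS queries sent by src_ip in each HH:MM bucket."""
    counts = Counter()
    for line in dns_lines:
        m = DNS_RE.match(line)
        if m and m.group(2) == src_ip:
            counts[m.group(1)] += 1
    return counts

def abnormal_minutes(counts, factor=3.0):
    """Minutes whose query count exceeds factor x the median minute (assumed rule)."""
    if not counts:
        return set()
    base = median(counts.values())
    return {minute for minute, n in counts.items() if n > factor * base}

def acl_candidates(smtp_lines, minutes, min_hits=3):
    """SMTP client IPs seen at least min_hits times inside the abnormal minutes."""
    hits = Counter()
    for line in smtp_lines:
        m = SMTP_RE.match(line)
        if m and m.group(1) in minutes:
            hits[m.group(2)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

# Constructed sample logs: a query burst from the mail server at 10:02.
def _dns(minute, n, src=MAIL_IP):
    return [f"{minute}:{s:02d} client {src}#40000: query: h{s}.example IN PTR" for s in range(n)]

def _smtp(minute, n, ip):
    return [f"{minute}:{s:02d} mail sendmail[100]: id{s}: from=<x@example>, relay=[{ip}]" for s in range(n)]

DNS_LOG = (_dns("10:00", 4) + _dns("10:01", 5) + _dns("10:02", 40)
           + _dns("10:03", 4) + _dns("10:02", 30, "192.0.2.99"))
SMTP_LOG = (_smtp("10:01", 2, "198.51.100.7") + _smtp("10:02", 12, "203.0.113.50")
            + _smtp("10:02", 1, "198.51.100.7"))

if __name__ == "__main__":
    burst = abnormal_minutes(queries_per_minute(DNS_LOG))
    print(burst, acl_candidates(SMTP_LOG, burst))
```

Queries from other DNS clients (here `192.0.2.99`) are ignored, so only traffic driven by the E-mail server contributes to the baseline and the alert.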
