Journal for Academic Computing and Networking
Online ISSN : 2433-7595
Print ISSN : 1343-2915
Original paper
Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets
Yasuo Musashi, Ryuichi Matsuba, Kenichi Sugitani

2003 Volume 7 Issue 1 Pages 5-11


The system log (syslog) files of the E-mail and DNS cache servers at Kumamoto University were statistically investigated for periods when the E-mail server received a large volume of spam mail. The DNS query traffic between the E-mail and DNS cache servers increases when many traces of spam and/or junk mail are found in the syslog file of the E-mail server. The DNS query traffic decreases when access between the E-mail server and the SMTP clients transferring spam/junk mail is blocked. This is because the DNS queries between the DNS and E-mail servers are mainly driven by SMTP access to the E-mail server. Therefore, we can detect abnormal behavior of the E-mail server by monitoring the DNS query traffic from the E-mail server to the DNS server, and we can obtain an access control list by analyzing the SMTP syslog files.
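
The correlation described in the abstract can be sketched as follows. This is an added example, not code from the paper: it counts DNS queries from the E-mail server per hour, flags hours far above the median, and lists the SMTP clients responsible as access-control candidates. The simplified BIND-style and sendmail-style log lines, the addresses, the threshold factor and the minimum connection count are all constructed assumptions.

```python
import re
from collections import Counter
from statistics import median

MAIL_IP = "192.0.2.25"  # assumed address of the e-mail server (documentation range)
DNS_RE = re.compile(r"^(\w{3}\s+\d+ \d\d):\d\d:\d\d \S+ named\[\d+\]: client ([\d.]+)#\d+: query: ")
SMTP_RE = re.compile(r"^(\w{3}\s+\d+ \d\d):\d\d:\d\d \S+ sendmail\[\d+\]: .*relay=\S* ?\[([\d.]+)\]")

def queries_per_hour(dns_lines, mail_ip=MAIL_IP):
    """Count DNS queries sent by the e-mail server, bucketed by 'Mon DD HH'."""
    counts = Counter()
    for line in dns_lines:
        m = DNS_RE.match(line)
        if m and m.group(2) == mail_ip:
            counts[m.group(1)] += 1
    return counts

def abnormal_hours(counts, factor=3.0):
    """Hours whose query count exceeds factor x the median hourly count."""
    if not counts:
        return []
    base = median(counts.values())
    return sorted(h for h, n in counts.items() if n > factor * base)

def acl_candidates(smtp_lines, hours, min_conn=5):
    """SMTP client IPs seen at least min_conn times during the flagged hours."""
    seen = Counter()
    for line in smtp_lines:
        m = SMTP_RE.match(line)
        if m and m.group(1) in hours:
            seen[m.group(2)] += 1
    return sorted(ip for ip, n in seen.items() if n >= min_conn)

def sample_logs():
    """Constructed sample data: quiet hours 00, 01, 03 and a spam burst in hour 02."""
    dns, smtp = [], []
    for hour, n_spam in (("00", 0), ("01", 0), ("02", 20), ("03", 0)):
        clients = ["198.51.100.8"] * 2 + ["203.0.113.7"] * n_spam
        for i, ip in enumerate(clients):
            ts = f"Mar 10 {hour}:{i:02d}:00"
            smtp.append(f"{ts} mail sendmail[411]: h2A{i:04d}: from=<u@host.example>, relay=host.example [{ip}]")
            for qtype in ("PTR", "MX"):  # assumption: two lookups per SMTP access
                dns.append(f"{ts} ns named[210]: client {MAIL_IP}#1031: query: host.example IN {qtype}")
    dns.append("Mar 10 02:30:00 ns named[210]: client 192.0.2.99#1040: query: www.example IN A")
    return dns, smtp

if __name__ == "__main__":
    dns, smtp = sample_logs()
    hours = abnormal_hours(queries_per_hour(dns))
    print(hours, acl_candidates(smtp, hours))
```

A median baseline is used here so that the burst itself does not inflate the threshold; the paper's own statistical method is not stated in the abstract.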

© 2003 Journal for Academic Computing and Networking Editorial Board