2003 Volume 7 Issue 1 Pages 5-11
The system log (syslog) files of the e-mail and DNS cache servers at Kumamoto University were statistically investigated for periods when a lot of spam mail was being received. The DNS query traffic between the e-mail and DNS cache servers increases when many traces of spam and/or junk mail are found in the syslog file of the e-mail server. The DNS query traffic decreases when access between the e-mail server and the spam/junk-transferring SMTP clients is prevented. This is because the DNS queries between the DNS and e-mail servers are mainly driven by SMTP access in the e-mail server. Therefore, we can detect abnormality of the e-mail server by monitoring the DNS query traffic from the e-mail server to the DNS server, and obtain an access control list by analyzing the SMTP syslog files.
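The monitoring loop the abstract describes can be sketched as follows. This is an added example, not code from the paper: it counts per-minute DNS queries from the e-mail server, flags abnormal minutes, and lists the SMTP clients active in them as access-control candidates. The log line formats, the addresses, the 3x-median threshold and all function names are assumptions, and the sample logs are constructed.

```python
import re
from collections import Counter
from statistics import median

MAIL_SERVER = "192.0.2.10"  # assumed e-mail server address (documentation range)
# Assumed, simplified line formats for the DNS query log and the SMTP syslog.
DNS_RE = re.compile(r"^(\S+T\d\d:\d\d):\d\d client (\S+)#\d+: query: ")
SMTP_RE = re.compile(r"^(\S+T\d\d:\d\d):\d\d \S+ sendmail\[\d+\]: .*relay=.*\[([\d.]+)\]")

def queries_per_minute(dns_lines, client=MAIL_SERVER):
    """Count DNS queries sent by `client`, bucketed by minute."""
    counts = Counter()
    for line in dns_lines:
        m = DNS_RE.match(line)
        if m and m.group(2) == client:
            counts[m.group(1)] += 1
    return counts

def abnormal_minutes(counts, factor=3.0):
    """Minutes whose query count exceeds `factor` times the median minute."""
    base = median(counts.values()) if counts else 0
    return {minute for minute, n in counts.items() if n > factor * base}

def acl_candidates(smtp_lines, minutes, min_conns=5):
    """SMTP client addresses seen at least `min_conns` times in flagged minutes."""
    hits = Counter()
    for line in smtp_lines:
        m = SMTP_RE.match(line)
        if m and m.group(1) in minutes:
            hits[m.group(2)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_conns)

def sample_logs():
    """Constructed logs: four quiet minutes, then a burst from one SMTP client."""
    dns, smtp = [], []
    for minute in range(5):
        burst = minute == 4
        ts = f"2003-01-01T10:0{minute}"
        relay = "203.0.113.5" if burst else "198.51.100.7"
        for s in range(12 if burst else 2):
            dns.append(f"{ts}:{s:02d} client {MAIL_SERVER}#53000: query: h{s}.example IN PTR")
            smtp.append(f"{ts}:{s:02d} mail sendmail[{s}]: from=<u@example.net>, relay=h.example [{relay}]")
        dns.append(f"{ts}:59 client 192.0.2.99#53001: query: www.example IN A")  # other client, ignored
    return dns, smtp

if __name__ == "__main__":
    dns, smtp = sample_logs()
    flagged = abnormal_minutes(queries_per_minute(dns))
    print(sorted(flagged), acl_candidates(smtp, flagged))
```

The candidate list is input for review rather than an automatic block list, since a legitimate high-volume sender can also fall inside a flagged minute.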