fosiul01

asked on

Exchange Server Log check

Hi,
I have attached 3 event logs for the SMTP protocol, which I took last night when only the Exchange server was running in our organization; all other PCs were shut down.

Can anyone tell me what this log means?

Does it mean anyone successfully sent email via my server but it was refused by the receiver server??


compromised1.GIF
Compromised2.GIF
compromised3.GIF
SOLUTION
abdulzis
Looks like someone is trying to relay mail through you; this could be a user who is set up with POP3 and entered the wrong password.

Do any of your users use POP3?

ASKER

Ommm, I read that before, but I did not understand it fully.

Right now my concern is: if you check the log, it's 5 AM. I am seeing this log in my event log because:

1) my server is sending email to another server and the other server is rejecting it??
or
2) another server is trying to send email to my server but my server is rejecting it??

If it's 2, then I am fine, but if it's 1 then I am in trouble.

I want to get confirmation of 1 or 2 first.
No, we don't have any POP3 users, and as I said, it's 5 AM.

About your comment: "looks like someone is trying to relay mail through you, this could be a user who is set up with POP3 and entered the wrong password" = does that mean someone is trying to send email via our server, but our server is rejecting it??


SOLUTION
Yes, someone could be trying to relay mail, but you are not an open relay, so there isn't much you can do to stop it apart from buying some kind of intrusion protection and prevention.

But there isn't much point if it's just this 1 small issue that may not arise again.

Could be a legitimate user entering the wrong password.

I have read that one before, and I did what it said a couple of months ago.

But I am really afraid; I just want a confirmation first from someone,

either 1 or 2 or 3:

1) my server is sending email to another server and the other server is rejecting it??
or
2) another server is trying to send email to my server but my server is rejecting it??

3) Or someone is trying to send email but, due to no permission, my server is rejecting it??

ASKER CERTIFIED SOLUTION
OK, as I said, it's at 5 AM; my office opens at 9 AM.

I have checked my server queue at 9 PM at night (it was clear), event log clear.

Now when I checked at 8 AM (server queue is clear), but in the event log I saw those entries.

"OK, have ANY of your users said that they are not getting mail from some senders, and/or have your users said that their mail is not getting to the addresses they try to send to."

Yes, yesterday one of my users tried to send email to one client, but in the event log I was getting the same entry. I knew it was a valid reason; that email went through today.

But at 5 AM, nobody from my office tried to send email to anyone, so it must be someone outside trying to do it.

As my server is not an open relay.

So what do you think?? So you are saying that someone is trying to send email but it did not relay due to permission??

I just want to hear: did the server relay the email or not??

SOLUTION
Michael Worsham
Ommm, no, I am using IPCop as firewall, and my server is behind that firewall.

I will have to think about Untangle; I will check today.

You could always use appriver.com, then set your firewall to ONLY accept inbound mail from AppRiver's IP address; that way no connections will ever get to the Exchange server apart from AppRiver.

All your mail will be routed from them direct to your mail server. Also, this will be filtered for spam and viruses, etc.