Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to block exchange authentication attack

Posted on 2010-09-24
5
Medium Priority
?
350 Views
Last Modified: 2012-08-13
It looks like some it trying to hack into our email server.  I'm running a SMTP monitor and it looks like random user names and passwords are hitting the server.  Is there a way to stop it?  I've posted the smtp log.
SMTP-Log.txt
0
Comment
Question by:kfasick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 1000 total points
ID: 33756424
Are you getting email from outside directly to your Exchange server? Or maybe your ISP forwards to you?
If the latter then you could configure to allow only your ISP to connect to SMTP.

It all depends on your setup. is there a gatway on your side (SPAM Filter?)

0
 

Author Comment

by:kfasick
ID: 33756446
There is no gateway and the queues are clean.  If you look to the right of the smtp log, there are a lot of user name and password entries.
0
 

Author Comment

by:kfasick
ID: 33756455
Also checked for open relay, that came up clean.
0
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 33756462
Not a whole lot natively. As long as you have port 25 open to the world you're going to deal with this. Based on the IPs it looks like you've got multiple individuals trying or one user with a rotating proxy utility. It is, however, possible to block this type of attack by using an external smart host to route your mail. Postini and Appriver both have good solutions for this. Basically the way it would work is you open port 25 only to Postini's SMTP servers and close it to the rest of the world. The only IPs that will communicate with your server are Postini/Appriver. Plus you get the added benefit of spam and virus filtering.
(www.postini.com and www.appriver.com)
0
 

Author Comment

by:kfasick
ID: 33756904
I blocked port 25 on the firewall and the attack continues.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question