<div>
There is no gateway and the queues are clean. &nbsp;If you look to the right of the smtp log, there are a lot of user name and password entries.
</div>


There is no gateway and the queues are clean.  If you look to the right of the smtp log, there are a lot of user name and password entries.

<div>
Also checked for open relay, that came up clean.
</div>


Also checked for open relay, that came up clean.

<div>
I blocked port 25 on the firewall and the attack continues.
</div>


I blocked port 25 on the firewall and the attack continues.

<div>
<div class="content wysiwyg-content">
It looks like some it trying to hack into our email server. &nbsp;I'm running a SMTP monitor and it looks like random user names and passwords are hitting the server. &nbsp;Is there a way to stop it? &nbsp;I've posted the smtp log.<br />
<a href="https://filedb.experts-exchange.com/incoming/2010/09_w39/351852/SMTP-Log.txt" target="_blank" class="file-inline" title="SMTP Log (61 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>SMTP-Log.txt</a>
</div>
</div>


SMTP-Log.txt

It looks like some it trying to hack into our email server.  I'm running a SMTP monitor and it looks like random user names and passwords are hitting the server.  Is there a way to stop it?  I've posted the smtp log.

How to block exchange authentication attack

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Interactions between email servers and clients are governed by email protocols. The three most common email protocols are POP, IMAP and MAPI. Most email software operates under one of these (and many products support more than one).  The correct protocol must be selected, and correctly configured, if you want your email account to work.