Solved

How to block exchange authentication attack

Posted on 2010-09-24
Last Modified: 2012-08-13
It looks like someone is trying to hack into our email server. I'm running an SMTP monitor and it looks like random user names and passwords are hitting the server. Is there a way to stop it? I've posted the SMTP log.
SMTP-Log.txt
Question by:kfasick
5 Comments
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
Are you getting email from outside directly to your Exchange server? Or maybe your ISP forwards to you?
If the latter then you could configure to allow only your ISP to connect to SMTP.

It all depends on your setup. Is there a gateway on your side (spam filter?)

0
 

Author Comment

by:kfasick
There is no gateway and the queues are clean.  If you look to the right of the smtp log, there are a lot of user name and password entries.
0
 

Author Comment

by:kfasick
Also checked for open relay, that came up clean.
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
Not a whole lot natively. As long as you have port 25 open to the world you're going to deal with this. Based on the IPs it looks like you've got multiple individuals trying or one user with a rotating proxy utility. It is, however, possible to block this type of attack by using an external smart host to route your mail. Postini and Appriver both have good solutions for this. Basically the way it would work is you open port 25 only to Postini's SMTP servers and close it to the rest of the world. The only IPs that will communicate with your server are Postini/Appriver. Plus you get the added benefit of spam and virus filtering.
(www.postini.com and www.appriver.com)
0
 

Author Comment

by:kfasick
I blocked port 25 on the firewall and the attack continues.
0
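
Added example, not part of the original thread: a check that lists which source addresses still reach the SMTP service once port 25 is meant to be limited to a smart host, and which of them produce repeated failed AUTH attempts. The log layout (a W3C-style `#Fields` header with `c-ip`, `cs-method`, `sc-status`), the smart-host range and the use of reply code 535 for a failed login are assumptions; the sample lines are constructed and are not the attached SMTP-Log.txt.

```python
import ipaddress
from collections import Counter

# Constructed sample; field names and all addresses (documentation ranges)
# are assumptions, not data from the thread.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method sc-status
2010-09-24 10:01:02 192.0.2.5 EHLO 250
2010-09-24 10:01:03 192.0.2.5 MAIL 250
2010-09-24 10:02:10 203.0.113.7 EHLO 250
2010-09-24 10:02:11 203.0.113.7 AUTH 535
2010-09-24 10:02:12 203.0.113.7 AUTH 535
2010-09-24 10:02:13 203.0.113.7 AUTH 535
2010-09-24 10:03:00 198.51.100.9 AUTH 535
"""

# Hypothetical smart-host range; replace with the provider's published ranges.
ALLOWED = [ipaddress.ip_network("192.0.2.0/28")]

def parse(log_text):
    """Yield one dict per record, taking column names from the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or odd records
                yield dict(zip(fields, parts))

def is_allowed(ip, allowed=ALLOWED):
    """True if ip falls inside one of the allowed smart-host networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed)

def summarize(log_text, threshold=3):
    """Return (sources outside the allowlist, {ip: failed AUTH count >= threshold})."""
    failed, outside = Counter(), set()
    for rec in parse(log_text):
        ip = rec["c-ip"]
        if not is_allowed(ip):
            outside.add(ip)  # should be empty once the firewall rule works
        if rec["cs-method"].upper() == "AUTH" and rec["sc-status"] == "535":
            failed[ip] += 1
    noisy = {ip: n for ip, n in failed.items() if n >= threshold}
    return sorted(outside), noisy

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any address in the first list after the restriction is in place means traffic is still reaching the service by a path the firewall rule does not cover.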
