Solved

How to block exchange authentication attack

Posted on 2010-09-24
5
344 Views
Last Modified: 2012-08-13
It looks like some it trying to hack into our email server.  I'm running a SMTP monitor and it looks like random user names and passwords are hitting the server.  Is there a way to stop it?  I've posted the smtp log.
SMTP-Log.txt
0
Comment
Question by:kfasick
  • 3
5 Comments
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33756424
Are you getting email from outside directly to your Exchange server? Or maybe your ISP forwards to you?
If the latter then you could configure to allow only your ISP to connect to SMTP.

It all depends on your setup. is there a gatway on your side (SPAM Filter?)

0
 

Author Comment

by:kfasick
ID: 33756446
There is no gateway and the queues are clean.  If you look to the right of the smtp log, there are a lot of user name and password entries.
0
 

Author Comment

by:kfasick
ID: 33756455
Also checked for open relay, that came up clean.
0
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 33756462
Not a whole lot natively. As long as you have port 25 open to the world you're going to deal with this. Based on the IPs it looks like you've got multiple individuals trying or one user with a rotating proxy utility. It is, however, possible to block this type of attack by using an external smart host to route your mail. Postini and Appriver both have good solutions for this. Basically the way it would work is you open port 25 only to Postini's SMTP servers and close it to the rest of the world. The only IPs that will communicate with your server are Postini/Appriver. Plus you get the added benefit of spam and virus filtering.
(www.postini.com and www.appriver.com)
0
 

Author Comment

by:kfasick
ID: 33756904
I blocked port 25 on the firewall and the attack continues.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question