Solved

How to block exchange authentication attack

Posted on 2010-09-24
5
348 Views
Last Modified: 2012-08-13
It looks like some it trying to hack into our email server.  I'm running a SMTP monitor and it looks like random user names and passwords are hitting the server.  Is there a way to stop it?  I've posted the smtp log.
SMTP-Log.txt
0
Comment
Question by:kfasick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33756424
Are you getting email from outside directly to your Exchange server? Or maybe your ISP forwards to you?
If the latter then you could configure to allow only your ISP to connect to SMTP.

It all depends on your setup. is there a gatway on your side (SPAM Filter?)

0
 

Author Comment

by:kfasick
ID: 33756446
There is no gateway and the queues are clean.  If you look to the right of the smtp log, there are a lot of user name and password entries.
0
 

Author Comment

by:kfasick
ID: 33756455
Also checked for open relay, that came up clean.
0
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 33756462
Not a whole lot natively. As long as you have port 25 open to the world you're going to deal with this. Based on the IPs it looks like you've got multiple individuals trying or one user with a rotating proxy utility. It is, however, possible to block this type of attack by using an external smart host to route your mail. Postini and Appriver both have good solutions for this. Basically the way it would work is you open port 25 only to Postini's SMTP servers and close it to the rest of the world. The only IPs that will communicate with your server are Postini/Appriver. Plus you get the added benefit of spam and virus filtering.
(www.postini.com and www.appriver.com)
0
 

Author Comment

by:kfasick
ID: 33756904
I blocked port 25 on the firewall and the attack continues.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question