Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

How to block exchange authentication attack

It looks like some it trying to hack into our email server.  I'm running a SMTP monitor and it looks like random user names and passwords are hitting the server.  Is there a way to stop it?  I've posted the smtp log.
SMTP-Log.txt
0
kfasick
Asked:
kfasick
  • 3
2 Solutions
 
FDiskWizardCommented:
Are you getting email from outside directly to your Exchange server? Or maybe your ISP forwards to you?
If the latter then you could configure to allow only your ISP to connect to SMTP.

It all depends on your setup. is there a gatway on your side (SPAM Filter?)

0
 
kfasickAuthor Commented:
There is no gateway and the queues are clean.  If you look to the right of the smtp log, there are a lot of user name and password entries.
0
 
kfasickAuthor Commented:
Also checked for open relay, that came up clean.
0
 
Adam BrownSr Solutions ArchitectCommented:
Not a whole lot natively. As long as you have port 25 open to the world you're going to deal with this. Based on the IPs it looks like you've got multiple individuals trying or one user with a rotating proxy utility. It is, however, possible to block this type of attack by using an external smart host to route your mail. Postini and Appriver both have good solutions for this. Basically the way it would work is you open port 25 only to Postini's SMTP servers and close it to the rest of the world. The only IPs that will communicate with your server are Postini/Appriver. Plus you get the added benefit of spam and virus filtering.
(www.postini.com and www.appriver.com)
0
 
kfasickAuthor Commented:
I blocked port 25 on the firewall and the attack continues.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now