Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Inbound authentication failed with error LogonDenied for Receive connector Default SERVERNAME. The authentication mechanism is Login

Posted on 2014-03-20
4
Medium Priority
?
4,198 Views
Last Modified: 2014-03-21
Hi all,
First I'll start by saying I'm an Exchange novice, so I'm a bit green when it comes to exchange in general.

Looking through the error and event logs, I noticed a bunch of the errors in the attached file.

Is this something to be concerned with? I am not familiar with the IP address listed, concerned someone is trying to hack in? or perhaps nothing to concerned about?

I also have seen the same error message with a different IP - 196.204.141.122

Thanks in advance
ERRORLOG.txt
0
Comment
Question by:ChiIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 10

Assisted Solution

by:Schuyler Dorsey
Schuyler Dorsey earned 1000 total points
ID: 39944384
Without a layer7 applicable firewall or an IDS, I do not think there is much you can do to prevent this.

Alternatively, you could switch to a cloud based spam provider like AppRiver or Barracuda so your email hits the cloud then comes to your server. This way, you can set your firewall and Exchange to only allow inbound SMTP from your spam provider.

This is probably people trying to bruteforce their way in.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 39944988
Thanks for responding, so is this typical when you see when you have your own exchange? We do have a local spam filter running and a Dell Sonicwall firewall.

I am familiar with appriver and barracudas services and was considering them. You mention someone trying to bruteforce, is this related to spam do you think? Or someone trying to hack in? Also since this is via smtp, am I right I saying they are using smtp to try and I that?


Big Apologies for all the questions...
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1000 total points
ID: 39945133
Standard authenticated relaying attack. If you have your own server on the internet, then it happens. Just ensure that the usual targets for the attack (Administrator is the main one) has a strong password and they will not get in. Doesn't stop them trying - like you can't stop someone from hammering on your door to get in without the key!

Simon.
0
 
LVL 2

Author Closing Comment

by:ChiIT
ID: 39945200
thank you so much!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question