• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Failed authentication attempts to Exchange coming through ISA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> Failed authentication attempts to Exchange coming through ISA Page: [1]
Login
Message << Older Topic   Newer Topic >>
Failed authentication attempts to Exchange coming throu... - 19.Nov.2010 3:55:22 AM   
micjo01

 

Posts: 47
Joined: 25.Mar.2003
From: Brussels
Status: offline
Dear sir,

Recently the following errors have started to appear on my Exchange 2007 server :
Event 1035 - Inbound authentication failed with error LogonDenied for Receive connector Default MAILSERVER. The authentication mechanism is NTLM. The source IP address of the client who tried to authenticate to Microsoft Exchange is [IP address of ISA 2006 server].

Do I need to worry about failed authentication attempts coming from the internet ? How can I block these ?

What is interesting is that these errors have started right after I decommissioned my old Exchange 2003 server. Just coincidence ?

Thanks

Regards

Joeri Michiels
Post #: 1
RE: Failed authentication attempts to Exchange coming t... - 30.Dec.2010 2:37:06 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Block it?  What good is a mail server that can't communicate to/from the Internet?

These are not errors,...they are alerts,...not quite the same thing.  Typically SMTP Rely requires the SMTP Client to authenticate.  Spammers cannot authenticate in order to relay,..hence why this is done. 

Meaning,...this is probably a Spammer trying to reply off the SMTP Service and is being denied because they did not authenticate.

Bottom line,...it is doing exactly what it is supposed to do,...exactly the way it is supposed to do it,....so leave it alone.

The reason it shows coming from the ISA is due to how the Publishing Rule is configured.  If the Rule is set to "show as comming from ISA" then it is,...again,...doing exactly what it is supposed to do.

_____________________________

Phillip Windell

(in reply to micjo01)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> Failed authentication attempts to Exchange coming through ISA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts