Recently the following errors have started to appear on my Exchange 2007 server : Event 1035 - Inbound authentication failed with error LogonDenied for Receive connector Default MAILSERVER. The authentication mechanism is NTLM. The source IP address of the client who tried to authenticate to Microsoft Exchange is [IP address of ISA 2006 server].
Do I need to worry about failed authentication attempts coming from the internet ? How can I block these ?
What is interesting is that these errors have started right after I decommissioned my old Exchange 2003 server. Just coincidence ?
From: Taylorville, IL
Block it? What good is a mail server that can't communicate to/from the Internet?
These are not errors,...they are alerts,...not quite the same thing. Typically SMTP Rely requires the SMTP Client to authenticate. Spammers cannot authenticate in order to relay,..hence why this is done.
Meaning,...this is probably a Spammer trying to reply off the SMTP Service and is being denied because they did not authenticate.
Bottom line,...it is doing exactly what it is supposed to do,...exactly the way it is supposed to do it,....so leave it alone.
The reason it shows coming from the ISA is due to how the Publishing Rule is configured. If the Rule is set to "show as comming from ISA" then it is,...again,...doing exactly what it is supposed to do.