I'd turn on protocol logging.  I'm betting it's coming from another machine, 
and it's messing with you by reporting it's hostname as being [127.0.0.1].

________________________________
From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Wednesday, July 29, 2009 12:16 PM
To: MS-Exchange Admin Issues
Subject: RE: Quick Event Question

It is very strange that it is only for one particular user.  They are the only 
one authenticating in the event log.

________________________________
From: Leedy, Andy [mailto:ale...@butlerahs.com]
Sent: Wednesday, July 29, 2009 12:24 PM
To: MS-Exchange Admin Issues
Subject: RE: Quick Event Question

Sounds like some process on your Exchange server is sending mail as 127.0.0.1 
is localhost.  That is, that machine. I would check the task manager to what 
processes are running.


From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Wednesday, July 29, 2009 11:57 AM
To: MS-Exchange Admin Issues
Subject: Quick Event Question

We are running Exchange 2003 on Windows Server 2003.  We are fully patched etc. 
 We are starting to get a slow growing amount of outbound SPAM trying to be 
sent out of our Exchange server and we are looking to stop it before it gets 
ugly.

We are a verified closed relay host, but I am noticing a weird event for a 
specific user in the event log.

It is EventId 1708 and the Source is MSExchange Transport

The text is:

SMTP Authentication was performed successfully with client "[127.0.0.1]".  The 
authentication method was "NTLM" and the username was "xxxxxxx"



I didn't know if the 127.0.0.1 was an issue?  Never saw it before.

Thanks!!!

**********************************************************************

CONFIDENTIALITY NOTICE: The information transmitted in this message is intended 
only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any review, retransmission, 
dissemination or other use of this information by persons or entities other 
than the intended recipient is prohibited. If you received this in error, 
please contact the sender and destroy all copies of this document. Thank you.

Butler Animal Health Supply

**********************************************************************


**************************************************************************************************
Note: 
The information contained in this message may be privileged and confidential 
and 
protected from disclosure.  If the reader of this message is not the intended  
recipient, or an employee or agent responsible for delivering this message to  
the intended recipient, you are hereby notified that any dissemination,   
distribution or copying of this communication is strictly prohibited. If you  
have received this communication in error, please notify us immediately by  
replying to the message and deleting it from your computer. 
**************************************************************************************************

Reply via email to