Consider having your firewall allow SMTP outbound from your Exchange server only.
On Wed, Jul 29, 2009 at 10:56 AM, Chyka, Robert <bch...@medaille.edu> wrote: > We are running Exchange 2003 on Windows Server 2003. We are fully > patched etc. We are starting to get a slow growing amount of outbound SPAM > trying to be sent out of our Exchange server and we are looking to stop it > before it gets ugly. > > > > We are a verified closed relay host, but I am noticing a weird event for a > specific user in the event log. > > > > It is EventId 1708 and the Source is MSExchange Transport > > > > The text is: > > > > SMTP Authentication was performed successfully with client "[127.0.0.1]". > The authentication method was "NTLM" and the username was "xxxxxxx” > > > > > > > > I didn’t know if the 127.0.0.1 was an issue? Never saw it before. > > > > Thanks!!! >