Consider? Uh, make that *demand* - egress filtering is one of your strongest security allies.
Default deny, baby. Kurt On Wed, Jul 29, 2009 at 14:02, Stephan Barr<stephanbarr.li...@gmail.com> wrote: > Consider having your firewall allow SMTP outbound from your Exchange server > only. > > On Wed, Jul 29, 2009 at 10:56 AM, Chyka, Robert <bch...@medaille.edu> wrote: >> >> We are running Exchange 2003 on Windows Server 2003. We are fully patched >> etc. We are starting to get a slow growing amount of outbound SPAM trying >> to be sent out of our Exchange server and we are looking to stop it before >> it gets ugly. >> >> >> >> We are a verified closed relay host, but I am noticing a weird event for a >> specific user in the event log. >> >> >> >> It is EventId 1708 and the Source is MSExchange Transport >> >> >> >> The text is: >> >> >> >> SMTP Authentication was performed successfully with client "[127.0.0.1]". >> The authentication method was "NTLM" and the username was "xxxxxxx” >> >> >> >> >> >> >> >> I didn’t know if the 127.0.0.1 was an issue? Never saw it before. >> >> >> >> Thanks!!! >
