It may already be set. If it isn't, setting it won't stop what you're seeing
now, since they're trying to use your Exchange server as a relay. You can test
it by trying to do a manual SMTP connect (telnet to port 25) to a mail server
outside of your network from your workstation.

-----Original Message-----
From: Chyka, Robert [mailto:bch...@medaille.edu] 
Sent: Wednesday, July 29, 2009 5:37 PM
To: MS-Exchange Admin Issues
Subject: RE: Quick Event Question

We have a Cisco ASA... Do you know the command? I just don't want to screw up
the firewall. Thanks for your help...

-----Original Message-----
From: "Kurt Buff" <kurt.b...@gmail.com>
To: "MS-Exchange Admin Issues" <exchangelist@lyris.sunbelt-software.com>
Sent: 7/29/09 5:54 PM
Subject: Re: Quick Event Question

Consider?

Uh, make that *demand* - egress filtering is one of your strongest
security allies.

Default deny, baby.

Kurt

On Wed, Jul 29, 2009 at 14:02, Stephan Barr<stephanbarr.li...@gmail.com> wrote:
> Consider having your firewall allow SMTP outbound from your Exchange server
> only.
>
> On Wed, Jul 29, 2009 at 10:56 AM, Chyka, Robert <bch...@medaille.edu> wrote:
>>
>> We are running Exchange 2003 on Windows Server 2003.  We are fully patched
>> etc.  We are starting to get a slow growing amount of outbound SPAM trying
>> to be sent out of our Exchange server and we are looking to stop it before
>> it gets ugly.
>>
>> We are a verified closed relay host, but I am noticing a weird event for a
>> specific user in the event log.
>>
>> It is EventId 1708 and the Source is MSExchange Transport
>>
>> The text is:
>>
>> SMTP Authentication was performed successfully with client "[127.0.0.1]".
>> The authentication method was "NTLM" and the username was "xxxxxxx"
>>
>> I didn't know if the 127.0.0.1 was an issue?  Never saw it before.
>>
>> Thanks!!!
>
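
For triaging events like the 1708 message quoted in the thread, this added example (not written by anyone in the thread) parses the event text and tallies successful SMTP authentications whose client is a loopback address, per user name and method, so they can be reviewed. It goes slightly beyond the quoted case by also treating `::1` as loopback; the sample messages, user names, addresses and host name are constructed.

```python
import ipaddress
import re
from collections import Counter

# Pattern built from the Event 1708 text quoted in the thread.
EVENT_1708 = re.compile(
    r'SMTP Authentication was performed successfully with client "\[?(?P<client>[^"\]]+)\]?"\.\s*'
    r'The authentication method was "(?P<method>[^"]+)" and the username was "(?P<user>[^"]+)"'
)

def parse_1708(message):
    """Return (client, method, username), or None if the text is not an Event 1708 message."""
    m = EVENT_1708.search(" ".join(message.split()))  # undo line wrapping
    return (m["client"], m["method"], m["user"]) if m else None

def is_loopback(client):
    try:
        return ipaddress.ip_address(client).is_loopback
    except ValueError:  # client recorded as a host name, not an address
        return False

def loopback_auths(messages):
    """Count successful SMTP AUTH events from a loopback client, per (username, method)."""
    counts = Counter()
    for message in messages:
        parsed = parse_1708(message)
        if parsed and is_loopback(parsed[0]):
            client, method, user = parsed
            counts[(user, method)] += 1
    return counts

# Constructed sample messages (user names, addresses and host name are made up).
SAMPLE = [
    'SMTP Authentication was performed successfully with client "[127.0.0.1]".\n'
    'The authentication method was "NTLM" and the username was "EXAMPLE\\user1"',
    'SMTP Authentication was performed successfully with client "[127.0.0.1]". '
    'The authentication method was "NTLM" and the username was "EXAMPLE\\user1"',
    'SMTP Authentication was performed successfully with client "[192.0.2.25]". '
    'The authentication method was "LOGIN" and the username was "EXAMPLE\\user2"',
    'SMTP Authentication was performed successfully with client "ws7.example.test". '
    'The authentication method was "NTLM" and the username was "EXAMPLE\\user3"',
    'SMTP Authentication was performed successfully with client "[::1]". '
    'The authentication method was "LOGIN" and the username was "EXAMPLE\\user2"',
    'Some unrelated transport event text.',
]

if __name__ == "__main__":
    for (user, method), n in loopback_auths(SAMPLE).most_common():
        print(f"{user}\t{method}\t{n} loopback SMTP AUTH event(s)")
```
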