Thanks for the reply. So, it seems like as far as the warnings go this is business as usual and nothing really to be concerned about. I check the queue regularly, at least 3x a day, and have never seen a message waiting for this recipient so it must be being resent successfully.
Any ideas on...
Greetings all, I'm seeing a good amount of MSExchange Transport Warnings and some Errors in the Application log. This is from a SBS 2003 Server with Exchange 2003.
Here are 2 examples of warnings, the recipient in this case is someone that my clients email:
This is an SMTP protocol warning log...
I'm on SBS 2k3 SP2 not R2 so I don't have access to FSRM. I have disk quotas setup for everyone and their limits are spread about between 1 GB and 50 GB depending on the user and their job. Is there a way to see what an individual user has stored file/folder wise on the drive which contains...
I used the base64 encoding tool and typed in admin and then encoded it. Pasted that code to the telnet session and voila I had a failed auth as "admin"...
So, yeah I can't telnet to port 25 because my ISP blocks port 25. I have a remote machine I can connect to and use it to try and telnet into port 25. I was able to connect that way. But like you said the user name is gibberish. It appears that someone is trying to auth SMTP to maybe use the...
Thank you and everyone else for all the help.
Well we're not an open relay either and I'll look at the post about NTLM.
I did try to Telnet to the server and could not establish a connection. I started telnet and used "open mail.domainname.com 25". I received "Could not open connection to...
I tried OWA and it does show the IP address and it shows PID 7896 and that is w3wp.exe as well. This is what I get from failed OWA login. Notice the logon type is 8 and what I'm experiencing now is 3.
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator...
I have had 5 attacks today from %usernam% not %username%. The same PID 2128 which is inetinfo.exe. I tried accessing RWW and put in a user name and password, both that I knew were incorrect and it went to PID 8232 w3wp.exe. So, these attacks are not from someone attempting to logon via RWW...
Port 80 is not and, as far as I'm aware, has never been published to the public. 443 and 25 are the only ones besides ports that are redirected for rdp. I have a recent error from today that is pointing to PID 2128 which is inetinfo.exe. This was this morning for 2 minutes all using user name of...
LRB45 are you using any firewall or router? I just did something like this with a Cisco ASA 5505 but on an internal Windows 7 client. You can change the port that the client responds to RDC calls from 3389 to say 3390. Then on the router you need to use PAT and open external port to something...
Do you recommend any bootable malware scanners? I ran malware bytes anti-malware although it's not for sbs 2003 it found nothing. I did run TDSSKiller and it found sbscrexe.exe which is for licensing and will reboot your server if it is not promoted to a DC. I found a thread on this forum...
Thank you for the reply. I thought it was weird as well since there was no IP listed. All users are using strong passwords and there is no sales account. All the accounts used in this attack were from accounts that don't exist on the server except for the Administrator account. There is a...
Today at 11:10am EST we received about 110 attacks from different user names like admin, ftp, mail, sales and so on. I've pasted the event id properties below. We do have port 25 and 443 open and I'm guessing it could be an attack on Remote Web Workplace. Any ideas on what this is and how I...
Yes, that's exactly what I needed. I was worried that unchecking "Inherit from parent" would affect more than just that folder. Thanks for your help, it worked great.
We have a shared folder called "company docs" that all the users have access to on the server to store certain things that all others might need. I've been tasked to create a folder within that folder to hold sensitive files. I want to be able to "lock down" or "deny" other users except for a...
Sorry for the delay, I just saw that someone had replied to my post. Thanks for your help.
Let me make sure I have this straight before proceeding with this process.
I'm assuming with the server shut down I remove a drive then boot the server and let it rebuild completely. Then shut down...
I run a ProLiant ML330 with 2 36 GB drives currently in a RAID 1 configuration with a 12 GB partition on C: and a 22 GB partition on E:. The C: partition has less than 1 GB of free data because of previous admins installing apps/programs to this partition. I'd like to upgrade to 2 larger...