POSSIBLE EXCHANGE HACK??? HELP

robbo007

Hello all,

I keep receiving this message in my Exchange 2003 Server. Is it a hack? It's always the same IP address too.

Anyone know a little more about this error?

Event ID: 7004

This is an SMTP protocol error log for virtual server ID 1, connection #87. The remote host "213.4.134.28", responded to the SMTP command "xexch50" with "504 Need to authenticate first ". The full command sent was "XEXCH50 2404 2 ". This will probably cause the connection to fail.

Thanks,

Rob
 
From a newsgroup post: "If the only problem you are seeing is that XEXCH50 is being denied in some cases, but there is no mail flow problem, it sounds like everything is ok as long as XEXCH50 is only being denied from servers outside of your Exchange Organization and mail is still being received.
Exchange 2003 only accepts XEXCH50 protocol data from clients who authenticate and have been granted "Send As" permission on the receiving SMTP virtual server object in the AD. In this respect, Exchange 2003 behaves differently than Exchange 2000. Within a single Exchange organization, Exchange setup takes care of ensuring that all Exchange servers have the necessary "Send As" right on all of the SMTP virtual servers, through the ACL on the Exchange organization object in the AD which inherits down to all of the SMTP virtual server objects. Because of this, the XEXCH50 command should be properly sent and received between servers within a single Exchange organization. It is expected that Exchange 2003 will block inbound XEXCH50 data from other Exchange organizations by default, and in this regard, the fact that it is responding with "504 Need to authenticate first" is actually correct, if the remote server is not part of the same Exchange organization. If you are seeing this between servers in the same Exchange organization, that is potentially an authentication or ACLing problem that should be looked into. You can use “ADSIEdit.msc” to investigate the ACLs of the Exchange objects in the configuration container if you suspect that the necessary Exchange server security groups have not been granted the “Send As” access that they need on the SMTP virtual servers. If you are seeing this between servers in different Exchange organizations, it is normal expected behavior, and should not actually block mail flow. When Exchange 2003 rejects an inbound XEXCH50 attempt, it allows the client to continue without the XEXCH50 data. When Exchange 2000 or 2003 attempt to send an XEXCH50 command and are denied, they continue to try to send their message data".

Per Microsoft: "This issue may occur if the computer that is running Exchange 2000 or Exchange 2003 is listed as a messaging server that sends unsolicited commercial e-mail (UCE, also known as spam). This behavior may occur if the computer that is running Exchange 2000 or Exchange 2003 is an open mail relay". See Q300580 for a fix.


Marc
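The triage rule from the newsgroup post quoted above, written out as an added example (it is not code from the thread or from Microsoft): it parses the Event ID 7004 description and separates the expected cross-organization XEXCH50 refusal from the same error between your own servers. The function names and the `ORG_NETWORKS` range are assumptions; deciding organization membership by IP range is a stand-in for knowing which hosts are your Exchange servers.

```python
import ipaddress
import re

# Matches the description text of the Event ID 7004 SMTP protocol error shown in the thread.
EVENT_RE = re.compile(
    r'connection #(?P<conn>\d+)\. The remote host "(?P<host>[^"]+)", '
    r'responded to the SMTP command "(?P<cmd>[^"]+)" with "(?P<reply>[^"]*)"'
)

def parse_7004(description):
    """Return remote host, SMTP command and reply code from a 7004 description, or None."""
    m = EVENT_RE.search(description)
    if not m:
        return None
    reply = m.group("reply").strip()
    code = int(reply[:3]) if reply[:3].isdigit() else None
    return {"host": m.group("host"), "command": m.group("cmd").upper(),
            "code": code, "reply": reply}

def triage(event, org_networks):
    """Classify a parsed event using the reasoning in the quoted newsgroup post."""
    if event is None:
        return "unparsed"
    if event["command"] != "XEXCH50" or event["code"] != 504:
        return "review"  # a different protocol error; the post does not cover it
    try:
        addr = ipaddress.ip_address(event["host"])
    except ValueError:
        return "review"  # host logged as a name; resolve it before deciding
    if any(addr in ipaddress.ip_network(n) for n in org_networks):
        return "investigate-acl"  # same organization: check the "Send As" ACLs
    return "expected"  # other organization: XEXCH50 is refused by default

# The event text from the thread, plus one constructed internal variant.
SAMPLE_EXTERNAL = ('This is an SMTP protocol error log for virtual server ID 1, '
                   'connection #87. The remote host "213.4.134.28", responded to the '
                   'SMTP command "xexch50" with "504 Need to authenticate first ". '
                   'The full command sent was "XEXCH50 2404 2 ".')
SAMPLE_INTERNAL = SAMPLE_EXTERNAL.replace("213.4.134.28", "10.0.0.12")  # constructed
ORG_NETWORKS = ["10.0.0.0/24"]  # assumption: range holding this organization's Exchange servers

if __name__ == "__main__":
    for text in (SAMPLE_EXTERNAL, SAMPLE_INTERNAL):
        ev = parse_7004(text)
        print(ev["host"], triage(ev, ORG_NETWORKS))
```
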
 
Perfect. A blinding response. Thanks for your help. I am filtering all mail with the spam lists. It's probable that that IP address is on that black list.

Cheers,

Rob
 
Yup. Just checked and that IP address is on a black list:

Results: Positive=3, Negative=27 (2004-07-16 09:00:33 UTC)
@ISP/blackholes.us: 213.4/16: 553 ISP TELEFONICA - [Blockparade]
BLARS/block.blars.org: INET 127.1.0.41
FIVETEN/terra.es.spam-support: added 2002-09-08; spam support - see added 2002-09-08; spam support - hosting
Negative 27: @COUNTRY @DYNAMIC @SPAM AHBL AUDNSBL BOGONS BOPM CBL DRBL DSBL INTERSIL JIPPGMA LNSG NJABL NOMORE ORDB PSBL RFC_IPWH SBL SORBS SPAMBAG SPAMCOP SPAMRBL SPAMSITE SPEWS UCEPROT
 