• Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

smtp and IIS log shows intrusion?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> smtp and IIS log shows intrusion? Page: [1]
Message << Older Topic   Newer Topic >>
smtp and IIS log shows intrusion? - 9.Jun.2005 9:19:00 AM   


Posts: 8
Joined: 22.Jan.2005
From: USA
Status: offline
I have been reviewing the SMTP and IIS log files and have come across some ip addresses that appear to be using our internal exchange/application server to send emails internally. I'm not sure how this works and have been trying to figure it out. The entry in the IIS log appears as follows:
c-ip: 2xx.1xx.1xx.1xx
cs-user: 6x.1xx.1xx.1xx (our internal server address)
s-ip: 6x.1xx.1xx.1xx (our internal server address)

The rest of the entries in this log are our ip addresses that state it is the outbound connection response commands.

When I check the SMTP logs I have set up, it shows this particular 2xx....(the c-ip address above)as the c-ip address.... then it uses the server ip address as our server and the recipient address as our internal user's address. Then the sender-address is not one of our internal names, it starts as: sender-22-67915...@mx3.companixxxxx.com. I have blocked the id addresses from this site but that won't do any good apparently as it is still coming through. Can anyone please help explain this situation.
Thank you
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> smtp and IIS log shows intrusion? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Follow TechGenix on Twitter