The username, domain and workstation are not from our domain. This is the case for most of these events. They appear to be other email servers - that's why I am under the impression (correctly or incorrectly) that this is caused during the SMTP communication.

-----Original Message-----
From: Tony Hlabse [mailto:[EMAIL PROTECTED]]
Sent: Monday, 25 February 2002 10:25 AM
To: Exchange Discussions
Subject: Re: Exchange 2000 security

Could be hacking or forgetful users. Try these Q articles.

Q174073
Q174074
Q272594

----- Original Message -----
From: "Duane Purcell" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Sunday, February 24, 2002 6:24 PM
Subject: Exchange 2000 security

I am seeing lots of security event ID's 529 Logon/Logoff on our exchange 2000 server. They look like other mail servers. Is this typical of an established SMTP connection between 2 servers, or a hacking attempt?

Logon Failure:
    Reason: Unknown user name or bad password
    User Name: CORESMTP1$
    Domain: EX
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: CORESMTP1

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
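
Added example, not part of the original thread: a small Python triage script that parses event 529 descriptions in the layout quoted above and counts failures per category, domain and workstation, so failures naming another organisation's machine accounts can be reviewed separately from failures against your own domain. `OUR_DOMAINS`, the category names and every sample event except the `CORESMTP1$` / `EX` one are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: NetBIOS names of your own domains (placeholder value).
OUR_DOMAINS = {"EXAMPLECORP"}
FIELDS = ("User Name", "Domain", "Logon Type", "Workstation Name")

def make_event(user, domain, workstation, logon_type="3"):
    """Build a constructed event 529 description in the layout quoted in the thread."""
    return ("Logon Failure:\n\tReason:\tUnknown user name or bad password\n"
            f"\tUser Name:\t{user}\n\tDomain:\t{domain}\n"
            f"\tLogon Type:\t{logon_type}\n\tLogon Process:\tNtLmSsp\n"
            f"\tWorkstation Name:\t{workstation}\n")

# Constructed sample data. Only the CORESMTP1$ / EX values come from the thread.
SAMPLE_EVENTS = [
    make_event("CORESMTP1$", "EX", "CORESMTP1"),
    make_event("CORESMTP1$", "EX", "CORESMTP1"),
    make_event("MAILGW2$", "OTHERORG", "MAILGW2"),
    make_event("jsmith", "EXAMPLECORP", "WKSTN07"),
]

def parse_529(description):
    """Return the labelled fields of one description; a blank field stays ''."""
    event = {}
    for name in FIELDS:
        # [ \t] rather than \s, so a blank value never swallows the next line.
        pattern = r"^[ \t]*" + re.escape(name) + r":[ \t]*(.*?)[ \t\r]*$"
        match = re.search(pattern, description, re.M)
        event[name] = match.group(1) if match else ""
    return event

def classify(event):
    """Label a failure by whether it names one of our domains or a machine account."""
    if event["Domain"].upper() in OUR_DOMAINS:
        return "own-domain"
    if event["User Name"].endswith("$") and event["Logon Type"] == "3":
        return "other-domain-machine"   # network logon by a computer account
    return "other-domain-user"

def summarize(descriptions):
    """Count failures per (category, domain, workstation)."""
    counts = Counter()
    for description in descriptions:
        event = parse_529(description)
        counts[(classify(event), event["Domain"], event["Workstation Name"])] += 1
    return counts

if __name__ == "__main__":
    for (kind, domain, wks), n in summarize(SAMPLE_EVENTS).most_common():
        print(f"{n:4d}  {kind:22s} {domain}\\{wks}")
```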

