The 4188 errors are typical if you ARE relay secure, you use 'only authenticated users can relay' and others try.
Where do you think you are 'hacked'? -----Original Message----- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 8:34 PM To: MS-Exchange Admin Issues Subject: Exchange 5.5 server HACKED! OK gang... A small Exchange 5.5/SP4 server I recently set up was repeatedly *hacked* over the weekend, according to the logs; and I'm trying to figure out if I made an error configuring the IMC. The symptom is that it appears to be relaying by unauthorized parties. The server is itself is NT4/SP6a, fully patched this afternoon to the very latest hotfixes. All of the account passwords are 8 or more characters with a mix of upper & lower case characters & numbers, the Admin & Exchange service accounts are 15 characters, yada yada yada. I applied the last hotfix & rebooted at 1:10PM Monday, and it was still hacked. To see the event log, click on: <http://www.rogue-admins.com/dansworld/Exchange_Attack_AppLog.zip> Any suggestions? Thanks! Dan "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." (Jeremy S. Anderson) List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
