The server is not in production yet: There should be NO SMTP traffic on it.
[The business owner is returning from vacation tomorrow (Tuesday), and that's
when I roll out the Outlook clients.]
>-----Original Message-----
>From: William Lefkovics [mailto:[EMAIL PROTECTED]]
>Subject: RE: Exchange 5.5 server HACKED!
>
>
>The 4188 errors are typical if you ARE relay secure, you use 'only
>authenticated users can relay' and others try.
>
>Where do you think you are 'hacked'?
>
>
>
>-----Original Message-----
>From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
>Subject: Exchange 5.5 server HACKED!
>
>
>
>
> OK gang...
>
> A small Exchange 5.5/SP4 server I recently set up was repeatedly
>*hacked* over the weekend, according to the logs; and I'm trying to
>figure out if I made an error configuring the IMC. The symptom is that
>it appears to be relaying by unauthorized parties.
>
> The server is itself is NT4/SP6a, fully patched this afternoon
>to the very latest hotfixes. All of the account passwords are 8 or more
>characters with a mix of upper & lower case characters & numbers, the
>Admin & Exchange service accounts are 15 characters, yada yada yada.
>
> I applied the last hotfix & rebooted at 1:10PM Monday, and it
>was still hacked. To see the event log, click on:
><http://www.rogue-admins.com/dansworld/Exchange_Attack_AppLog.zip>
>
> Any suggestions?
>
> Thanks!
> Dan
>
>"There are two major products that come out of Berkeley: LSD and UNIX.
> We don't believe this to be a coincidence." (Jeremy S. Anderson)
>
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
