Re: SMTPSVC warning messages in system log
From: dave (take_at_guess.com)
Date: 05/18/04
- Next message: Mark Fugatt [MVP]: "Re: Can send mail outside network but not receive"
- Previous message: Richard pbvmsf: "Can send mail outside network but not receive"
- In reply to: Denis McDowell [MSFT]: "Re: SMTPSVC warning messages in system log"
- Next in thread: Denis McDowell [MSFT]: "Re: SMTPSVC warning messages in system log"
- Reply: Denis McDowell [MSFT]: "Re: SMTPSVC warning messages in system log"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 18 May 2004 13:51:43 -0400
Thanks Denis. We are closed just fine. I did what you said, as far as enabling
SMTP logging. So far, I don't see any 1708 messages, but I'll keep an eye out.
We do have password complexity standards for our users which require numbers
and letters plus at least 6 digits, plus the guest account is disabled, and the
administrator account has a difficult password. In the meantime, should I just
delete the messages that are trying to get out? Is it possible this is just some
sort of glitch, or should I be concerned?
"Denis McDowell [MSFT]" wrote:
> If you have verified that you are closed to relay per
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;310380, then you may
> have a compromised account that is being used for authentication. Turn SMTP
> Protocol Logging to Maximum in the Server > Diagnostics Logging and check
> for Event ID 1708. This event will identify the account being used. Common
> culprits are local administrator accounts with blank passwords, username =
> test\password = test, and others.
>
> --
> Denis McDowell [MSFT]
> "dave" <take@guess.com> wrote in message news:40AA3959.74B1A1F0@guess.com...
> > This morning I came in to find a "system log is full" message on our
> > server screen. When I looked in the log, there are what looks like
> > hundreds of SMTPSVC warning messages with an event ID 4000. They are
> > happening every 2 minutes or so. All relaying is disabled for the SMTP
> > virtual server. Port 80 is closed at our firewall. The message in the
> > description box says "Message delivery to the remote domain
> > 'carefulchristianconsumer.com' failed for the following reason: The
> > remote server did not respond to a connection attempt." When I look in
> > the Exchange system under the SMTP virtual server Queues, I can see all
> > the domains listed that are mentioned in the warning messages. There are
> > about 20 domains altogether, and each one has a total number of one
> > message, all of them from "postmaster@ourdomain.com". When I double
> > click on the messages and look at the details tab, the Status: says
> > "Retry". We are running Symantec Anti-Virus for gateways and keep it up
> > to date, and I just ran Windows Update last night. We also run Symantec
> > on our workstations, which are updated weekly. Should I just delete all
> > these messages, or do I have a major security issue on our hands? We are
> > still able to send and receive emails in and out of office. There is
> > nothing unusual that I can see in Task Manager. Inetinfo is using about
> > 24MB of RAM. Disk space is pretty constant.
> > We are using Windows 2000SBS patched with the most recent updates.
> > Thanks.
> >