question

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 asked SunnyQi-MSFT commented

Proper rule to create

Hi,
I have already created rule below

netsh advfirewall firewall add rule name="NETRule8/04/2021 14:16:37_1" dir=in action=block remoteip=5.188.1.1-5.188.255.255

but such IP 5.188.206.246 is still creating bad activities on Email server like

2021-04-08 20:21:14 htwnmmiqwvpt@ump.gwdg.de operations@my???????.?? 5.188.206.246 127.0.0.1 SMTP ? 550 0
2021-04-08 20:21:38 qplaiebpykgy@ump.gwdg.de oyqjaafslj@my???????.?? 5.188.206.246 127.0.0.1 SMTP ? 550 0
2021-04-08 20:51:00 vzumobgvjdb@lighthouseapostolicchurch.net acnfrkbnwx@my???????.?? 5.188.206.246 127.0.0.1 SMTP ? 550 0

how to protect the server well?


windows-serverwindows-server-2016windows-server-infrastructure
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered Jackson1990-7147 published

Hi,
My previous comment was not saved properly. Can you help to the following?
87325-1i.png



1i.png (55.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered Jackson1990-7147 published

Hi,
My previous comment was not saved properly. Why can't I save properly comments to this thread? What is the reason?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered Jackson1990-7147 published

Hi,
My previous comment was not saved properly. Why can't I save properly comments to this thread? What is the reason?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered cheong00 commented

Hi,
Why can't I save any comments to the following thread?
https://docs.microsoft.com/en-us/answers/questions/349459/proper-rule-to-create.html

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

See my comment I posted before:

[quote]
Your comment has been caught by system as spam because of the email addresses there.

If you wait some time we're release it after visually verify it's not spam.
[/quote]

I'll add by repetitively posting similar content, the system now seems to be trained to put those posts directly into "spam" pile instead of "moderation"pile. Since the number of post in "spam" pile will not be shown, we'll only see your posts falling into there when we explicitly open that view.

0 Votes 0 ·
Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered

Hi,
It is problem that I cannot post comments to the following thread. Can you help?
https://docs.microsoft.com/en-us/answers/questions/349459/proper-rule-to-create.html

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered SunnyQi-MSFT commented

Hi Sunny,
My previous comment was not saved properly. Why can't I save properly comments to this thread? Can you help to the following?
87250-1i.png



1i.png (55.0 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Based on provided screenshot, I noticed that Windows Firewall of domain profile is off which is the reason for 0 size of the log file. Firewall for private profile and public profile in on. Please enable firewall log for Private profile and Public profile to see if there is any clue.

For details regarding of each network profile, please refer to the following screenshot.

87531-image.png

Best Regards,
Sunny


0 Votes 0 ·
image.png (10.5 KiB)
Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered Jackson1990-7147 edited

Yes, current rule created like

netsh advfirewall firewall add rule name="NETRule15/04/2021 10:55:37_1" dir=in action=block remoteip=5.188.1.1-5.188.255.255

is applicable to Domain, Private, Public, but why is there repeatedly lots of tryouts like the following by IP starting with 5.188? How to stop such big amount of annoyances from given IP?

87984-1l.png

2021-04-14 07:01:37 80eyr4btfptx15@epoisses.inra.fr tara@m????.?? 5.188.206.246 127.0.0.1 SMTP ? 550 0
2021-04-14 07:01:37 80eyr4btfptx15@epoisses.inra.fr registrar@m????.?? 5.188.206.246 127.0.0.1 SMTP ? 550 0
2021-04-14 07:01:37 80eyr4btfptx15@epoisses.inra.fr bookings@m????.?? 5.188.206.246 127.0.0.1 SMTP ? 550 0



1l.png (23.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered

Hi,
Any other help?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 answered SunnyQi-MSFT commented

Hi,

I noticed that the firewall for domain profile in your environment has been disabled, so you need enable firewall log for private and public profiles for checking.

Can you share with screenshot that you've got this?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

According to your following reply.

88010-image.png

If the firewall was disabled, it will show as the following screenshot.

88182-image.png

Best Regards,
Sunny

0 Votes 0 ·
image.png (92.8 KiB)
image.png (33.6 KiB)