question

82023188 avatar image
0 Votes"
82023188 asked ZhengqiLou-MSFT commented

SPAM Send "535 5.7.3 Authentication unsuccessful"

Hello, recently, cases of blocking of accounts have become more frequent. In events I found that someone is trying to send an anonymous message on behalf of the user.
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,48,myipserver:25,51.81.170.74:61427,,,User Name: "UserName"
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,49,myipserver:25,51.81.170.74:61427,
,Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful',
How to block ip or how to protect against such hacking?

office-exchange-server-administration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered ZhengqiLou-MSFT commented

Hi @82023188 ,

I would agree with Andy, changing a authentication method could better protect your server from such hackers or some security vulnerabilities.

What's the version of your Exchange server? If you didn't install the latest update patch, please consider upgrading it:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421

And yes, after migrated to Exchange Online, you could use the protect services provided by Microsoft like MS Defender, Security and Compliance center etc..

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @82023188 ,

Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

If you are still stuck in this issue, please feel free to post your questions.

Regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered

If you are using basic authentication, you can't really stop this.
You need to use Modern Authentication ( and require MFA )

If you are on-perm, consider using a Hybrid Model with Azure/Exchange Online

https://docs.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.