Hi Ajit Terdalkar,
It may be someone who is trying to authenticate to attack or use your server as a relay.
The authentication failure event was most likely triggered by an attempt by this blacklisted IP address to connect to the Exchange server. To avoid these incidents, you may want to consider blocking the IP addresses in the blacklist with the firewall. This will block any further connection attempts from that IP address.
Best Regards,
Dezhi
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation](https://aka.ms/msftqanotifications)"https://aka.ms/msftqanotifications)") to enable e-mail notifications if you want to receive the related email notification for this thread.