If you are using basic authentication, you can't really stop this.
You need to use Modern Authentication ( and require MFA )
If you are on-perm, consider using a Hybrid Model with Azure/Exchange Online
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello, recently, cases of blocking of accounts have become more frequent. In events I found that someone is trying to send an anonymous message on behalf of the user.
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,48,myipserver:25,51.81.170.74:61427,,,User Name: "UserName"
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,49,myipserver:25,51.81.170.74:61427,,Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful',
How to block ip or how to protect against such hacking?
If you are using basic authentication, you can't really stop this.
You need to use Modern Authentication ( and require MFA )
If you are on-perm, consider using a Hybrid Model with Azure/Exchange Online
Hi @Стас Петухов ,
I would agree with Andy, changing a authentication method could better protect your server from such hackers or some security vulnerabilities.
What's the version of your Exchange server? If you didn't install the latest update patch, please consider upgrading it:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421
And yes, after migrated to Exchange Online, you could use the protect services provided by Microsoft like MS Defender, Security and Compliance center etc..
Best regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.