SPAM Send "535 5.7.3 Authentication unsuccessful"

Стас Петухов 1 Reputation point
2021-08-09T11:15:49.73+00:00

Hello, recently, cases of blocking of accounts have become more frequent. In events I found that someone is trying to send an anonymous message on behalf of the user.
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,48,myipserver:25,51.81.170.74:61427,,,User Name: "UserName"
2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,49,myipserver:25,51.81.170.74:61427,,Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful',
How to block IP or how to protect against such hacking?

Exchange Server Management

2 answers

  1. Andy David - MVP 142.7K Reputation points MVP
    2021-08-09T11:40:38.29+00:00

    If you are using basic authentication, you can't really stop this.
    You need to use Modern Authentication (and require MFA).

    If you are on-prem, consider using a Hybrid Model with Azure/Exchange Online.

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide


  2. Xzsssss 8,861 Reputation points Microsoft Vendor
    2021-08-10T06:14:15.267+00:00

    Hi @Стас Петухов ,

    I would agree with Andy, changing an authentication method could better protect your server from such hackers or some security vulnerabilities.

    What's the version of your Exchange server? If you didn't install the latest update patch, please consider upgrading it:
    https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421

    And yes, after migrating to Exchange Online, you could use the protection services provided by Microsoft like MS Defender, Security and Compliance center, etc.

    Best regards,
    Lou


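The receive-connector protocol log lines quoted in the question can be summarised per source address to see which IPs and which account names are involved in the failed logons. The PowerShell below is an added example, not code from this thread or from Microsoft; the function name `Get-SmtpAuthFailureSummary`, the threshold of 3, and every sample line after the first two are assumptions constructed for illustration.

```powershell
# Added example: tally failed SMTP AUTH sessions per remote IP from protocol log lines.
# Assumed field order of the SMTP receive protocol log:
# date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
function Get-SmtpAuthFailureSummary {            # hypothetical helper name
    param([string[]]$Line, [int]$Threshold = 3)  # threshold is an assumed value, tune locally
    $byIp = @{}
    foreach ($l in $Line) {
        if ([string]::IsNullOrWhiteSpace($l) -or $l.StartsWith('#')) { continue }  # blank / header
        $f = $l -split ',', 7                    # six leading fields, then event+data+context
        if ($f.Count -lt 7) { continue }         # truncated line, skip
        $ip = $f[5] -replace ':\d+$', ''         # remote-endpoint without the source port
        if (-not $byIp.ContainsKey($ip)) {
            $byIp[$ip] = @{ Sessions = @{}; Users = @{}; First = $null; Last = $null }
        }
        $e = $byIp[$ip]
        if ($f[6] -match 'User Name: "?([^",]+)') { $e.Users[$Matches[1]] = $true }
        if ($f[6] -match '535 5\.7\.3 Authentication unsuccessful') {
            $e.Sessions[$f[2]] = $true           # one session may log both the 535 reply and the tarpit
            if (-not $e.First) { $e.First = $f[0] }
            $e.Last = $f[0]                      # assumes the log is in chronological order
        }
    }
    foreach ($ip in $byIp.Keys) {
        $e = $byIp[$ip]
        if ($e.Sessions.Count -eq 0) { continue } # no failed AUTH from this address
        [pscustomobject]@{
            RemoteIP       = $ip
            FailedSessions = $e.Sessions.Count
            Accounts       = ($e.Users.Keys | Sort-Object) -join ';'
            FirstFailure   = $e.First
            LastFailure    = $e.Last
            Flagged        = $e.Sessions.Count -ge $Threshold
        }
    }
}

# Sample input: the first two data lines are from the question (second one rejoined), the rest are constructed.
$sample = @(
  '#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context'
  '2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,48,myipserver:25,51.81.170.74:61427,,,User Name: "UserName"'
  "2021-08-09T09:56:28.303Z,CAS\Default Frontend CAS01,08D8DFB5A4A72D14,49,myipserver:25,51.81.170.74:61427,,Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful',"
  '2021-08-09T10:01:02.000Z,CAS\Default Frontend CAS01,AAAA000000000001,12,myipserver:25,203.0.113.7:50112,>,535 5.7.3 Authentication unsuccessful,'
  "2021-08-09T10:01:02.010Z,CAS\Default Frontend CAS01,AAAA000000000001,13,myipserver:25,203.0.113.7:50112,*,,Tarpit for '0.00:00:05' due to '535 5.7.3 Authentication unsuccessful'"
  '2021-08-09T10:01:09.000Z,CAS\Default Frontend CAS01,AAAA000000000002,12,myipserver:25,203.0.113.7:50130,>,535 5.7.3 Authentication unsuccessful,'
  '2021-08-09T10:01:16.000Z,CAS\Default Frontend CAS01,AAAA000000000003,12,myipserver:25,203.0.113.7:50144,>,535 5.7.3 Authentication unsuccessful,'
)
Get-SmtpAuthFailureSummary -Line $sample | Sort-Object FailedSessions -Descending | Format-Table -AutoSize
```

Against a live server, pass the output of `Get-Content` on the connector's protocol log file as `-Line`; the `Accounts` column shows which mailboxes are being targeted and therefore which lockouts the source explains.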