Exchange attack about

sonkam · May 25, 2024, 7:43pm

Hello, we are using exchange 2019 cu14 but
It does not prevent crowdsec exchange smtp receive attacks, especially after cu14 has passed.

Has there been a change regarding this? We have installed crowdsec v1.6.1 now, but the situation is the same.

Error logs are as follows and account accounts are locked due to these attacks.

event id: 1035
Inbound authentication failed with error LogonDenied for Receive connector Client Frontend.

Can I ask for your support and information?

SassySiren · June 24, 2024, 12:36pm

Hello there

It is important to confirm if microsoft and crowdsec have issued any updates and fixes lately that may resolve technical problems and holes in security.
Also, you may be able to reduce these risks by going over the setup of your receive connectors and making sure they follow set safety rules.

Topic		Replies	Views
SMTP Logfile locking on Exchange Server by Crowdsec crowdsec	0	168	May 24, 2024
Adding new smtp parser for failed logins crowdsec	1	803	June 21, 2022
Nginx: failed basic auth attempts aren't banned crowdsec	9	1679	January 13, 2022
I feel I made something wrong crowdsec	2	103	August 2, 2024
Is there a way to use an existing mta/sendmail for mailing crowdsec events? crowdsec	4	581	February 6, 2023

Exchange attack about

Related topics