The Windows event log viewer for the "Security" events may display the following "Failure Audits":
The Windows Firewall has detected an application listening for incoming
Path: c:\program files\Mail Enable\bin\MESMTPC.exe
Process identifier: 3796
User account: IME_SYSTEM
User domain: (example: domain.com)
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 1075
User notified: No
NOTE: The user account for the "Failure audit" can also be logged as the windows "localsystem" account if MailEnable is not locked down.
More inormation in regards to MailEnable lockdown can be found within the following link: http://www.mailenable.com/security/lockdown.asp
NOTE: Port number may vary.
The security failure audits displayed within the Windows event log viewer are SMTP queries that the service is performing for DNS resolution when using SMTP "Reverse DNS blacklisting". The failure audits are being logged because of a local server auditing policy that has been enabled within the local security settings. The failure audits can be ignored, as this is normal behaviour for the SMTP service when performing DNS queries.
In order to reduce the size of the security event log it is suggested to disable the following local security settings.
Click "Start", click "Control Panel" and then click "Administrative Tools".
In "Administrative Tools" window, double-click "Local Security Policy" shortcut.
In the console tree of the "Local Security Settings" snap-in, click "Local Policies", and then click "Audit Policy".
In the details pane of the "Local Security Settings" snap-in, double-click "Audit policy change". Untick "Failure", and then click OK.
In the details pane of the "Local Security Settings" snap-in, double-click "Audit process tracking". Untick "Failure", and then click OK.
Close the "Local Security Settings" snap-in.
Windows Firewall with Advanced Security Troubleshooting Guide: https://technet.microsoft.com/en-us/library/cc722062(v=ws.10).aspx
|Product:||MailEnable (All Versions)|
|Class:||PRB: Product Problem or Issue|
|Revised:||Tuesday, December 13, 2016|