Hacking Attempt

Discussion forum for Enterprise Edition.
Post Reply
netmo
Posts: 31
Joined: Mon Jun 20, 2011 7:46 pm

Hacking Attempt

Post by netmo » Wed Sep 04, 2019 2:30 pm

Hi All,

We have someone trying to access Audit logs. How are they able to get this and how can we turn this off.

Eventlog ID:

The description for Event ID 10000 from source MailEnable cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

MailEnable SMTP Service (C:\PROGRA~2\MAILEN~1\Bin64\MESMTPC.EXE) error: 3
Timed out waiting to access audit file (D:\Mail Enable\CONFIG\Audit\xxxxxx.com\shit...\AUDIT-190903.log) to log Invalid authorisation attempt from 103.125.191.109 by [SMTP] for shit.... Client IP: 103.125.191.109. Result=3

the message resource is present but the message is not found in the string/message table

Jinglebens
Posts: 23
Joined: Mon Nov 05, 2007 9:56 am

Re: Hacking Attempt

Post by Jinglebens » Thu Sep 05, 2019 7:52 am

What I see in your message is the following:

- Invalid authorisation attempt from 103.125.191.109
- MailEnable SMTP Service (C:\PROGRA~2\MAILEN~1\Bin64\MESMTPC.EXE) failed to log it to audit file

You may want to check if the audit file exists and not locked.

Post Reply