For three days we have had someone trying to hack into our system using random names and passwords. The attempt with each name lasts for 30 minutes, then the name changes. No IP address shows up so I can't block it or a block of IP addresses. Is there a way I can close the login off after, say, five unsuccessful attempts? Also, since the names change, will the attempt just change to the next name after every five attempts?
ASKED: June 12, 2008 3:15 PM
UPDATED: June 19, 2008 3:19 PM
Thanks for your response. It is definitely coming from an external source. Up to this point there has been no breach so that is a positive. Like I said before, the IP address of the source is being blocked so I have no way of tracing it. Over last weekend the break-in attempt from this source went on for 29 straight hours, so needless to say, I am a little concerned. I have only been here for a few months, but the person before me put our email on the domain server, so that isn’t helping matters much. Since we have employees that work remotely and need access to email, I need to keep that IP address public.
As you have indicated, decisions made before you came have put your systems in a risky state. I would suggest that you at least get a hardware firewall and put it between your system and the internet. Configure the firewall to allow only the minimum number of open inbound ports, such as 25 & 110 for mail; port 80 if you have a web. If your employees don’t need to log on to their accounts, block 138, etc. externally. If they do, consider setting up an inbound secure VPN connection on a special port. Some people do all of this at home with something like a $50 Linksys router if their needs are simple.
TRB86,
Thanks for the ideas on the firewall. We do have a SonicWALL and an eSafe box in between the outside world and our system. Everyone can VPN into the system. I’ll check the settings you have mentioned though. We have decided to get a second server for Exchange and move the public IP to that server and hide the main server.
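An added example, not part of the original thread: a Python simulation of the five-attempt lockout asked about in the opening question, run over constructed logon events in which the attacked name changes every 30 minutes, plus a check that flags the name rotation itself. The 30-minute lockout duration, the two-hour look-back and the three-name alert threshold are assumptions, as are all function names.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                         # failed attempts before lockout (figure from the question)
LOCK_FOR = timedelta(minutes=30)      # assumed lockout duration and counting window
ROTATION_WINDOW = timedelta(hours=2)  # assumed look-back for the rotation check
ROTATION_NAMES = 3                    # assumed: distinct failing names that raise an alert

def constructed_events():
    """Constructed sample, not real log data: (time, username, success)."""
    t0, minute = datetime(2008, 6, 12, 1, 0), timedelta(minutes=1)
    events = [(t0 - (480 - i) * minute, "jsmith", i == 2) for i in range(3)]
    for i, name in enumerate(["admin", "guest", "backup", "test"]):
        for m in range(30):  # one guess a minute, name changes every 30 minutes
            events.append((t0 + (30 * i + m) * minute, name, False))
    return events

def apply_lockout(events):
    """Return {username: (passwords_checked, rejected_while_locked)}."""
    recent = defaultdict(deque)       # recent failure times per account
    locked_until = {}
    stats = defaultdict(lambda: [0, 0])
    for t, user, ok in events:
        if t < locked_until.get(user, datetime.min):
            stats[user][1] += 1       # account locked: the password is never checked
            continue
        stats[user][0] += 1
        q = recent[user]
        if ok:
            q.clear()                 # a successful logon resets the counter
            continue
        q.append(t)
        while t - q[0] > LOCK_FOR:    # forget failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            locked_until[user] = t + LOCK_FOR
            q.clear()
    return {u: tuple(v) for u, v in stats.items()}

def rotation_alert(events):
    """Return (time, names) once failures span ROTATION_NAMES usernames, else None."""
    last_fail = {}
    for t, user, ok in events:
        if not ok:
            last_fail[user] = t
            active = sorted(u for u, seen in last_fail.items() if t - seen <= ROTATION_WINDOW)
            if len(active) >= ROTATION_NAMES:
                return t, active
    return None
```

On the constructed data each attacked name gets five password checks before its account locks, the remaining attempts against that name are rejected unchecked, and the rotation check fires when the third name appears.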