Ref: http://www.winvistatips.com/security-log-eventid-529-smtp-t673781.html
Ref: http://www.pcreview.co.uk/forums/thread-1596278.php

Bad guys are trying to authenticate server via port 25.
How to reproduce this log:

# Type telnet 25,and then press ENTER.
# Type EHLO , and then press ENTER.
# Type AUTH LOGIN. The server responds with an encrypted prompt for your user name.
# Enter your user name encrypted in base 64. You can use one of several tools that are available to encode your user name.
# The server responds with an encrypted base 64 prompt for your password. Enter your password encrypted in base 64.
# Type MAIL FROM:, and then press ENTER. If the sender is not permitted to send mail, the SMTP server returns an error.
# Type RCPT TO:,and then press ENTER.If the recipient is not a valid recipient or the server does not accept mail for this domain, the SMTP server returns an error.
# Type DATA.

Or by using hacking tools : Xscan

Solution: You can minimizing the attack by enabling tar pitting
Ref : http://support.microsoft.com/kb/842851/en-us

Leave a Reply