Exchange Server 2019 Default Frontend Connector received huge spam requests for authentication

IT301 0 Reputation points
2025-02-19T05:43:35.84+00:00

The Default Frontend Connector received messages like this: "Hello [106.219.68.200 - random IP address] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES AUTH NTLM LOGIN X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING SMTPUTF8 XRDST"

Does this mean that authentication is done through the NTLM protocol? If yes, can we block the NTLM protocol?

Or can we apply another setting on the server to limit the authentication types?


1 answer

  1. Tianyi Chang (Shanghai Wicresoft Co Ltd) 410 Reputation points Microsoft Vendor
    2025-02-20T02:56:11.98+00:00

    Hi @IT301

    Welcome to the Microsoft Q&A platform!

    Yes, it means authentication by NTLM protocol. You can disable the NTLM protocol by means of Group Policy, which is much simpler:

    1. Open the Group Policy Management Console (gpedit.msc).

    2. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.

    3. Locate and configure "Network Security: LAN Manager Authentication Level" to "Send NTLMv2 response to deny LM and NTLM only".
    If you need stronger security, consider registry settings: Exchange Server support for Windows Extended Protection | Microsoft Learn


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
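
Added example, not part of the original question or answer: the line quoted in the question is the connector's EHLO reply, and the mechanisms after AUTH and X-EXPS are what it advertises. The sketch below extracts those mechanisms and counts AUTH commands and 535 failures per remote IP from SMTP receive protocol log rows, to size the authentication flood before and after a policy change. The column order, the `KNOWN_MECHS` set and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed column order of the Exchange SMTP receive protocol log.
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]
KNOWN_MECHS = {"NTLM", "LOGIN", "GSSAPI", "PLAIN"}  # hypothetical helper set

# Constructed sample rows (documentation IP ranges), not from the original post.
SAMPLE_LOG = r"""#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2025-02-19T05:40:01.000Z,EX01\Default Frontend EX01,0A01,1,10.0.0.5:25,203.0.113.10:50001,>,250 EX01 Hello [203.0.113.10] SIZE 37748736 AUTH NTLM LOGIN X-EXPS GSSAPI NTLM 8BITMIME,
2025-02-19T05:40:01.100Z,EX01\Default Frontend EX01,0A01,2,10.0.0.5:25,203.0.113.10:50001,<,AUTH LOGIN,
2025-02-19T05:40:01.200Z,EX01\Default Frontend EX01,0A01,3,10.0.0.5:25,203.0.113.10:50001,>,535 5.7.3 Authentication unsuccessful,
2025-02-19T05:40:01.300Z,EX01\Default Frontend EX01,0A01,4,10.0.0.5:25,203.0.113.10:50001,<,AUTH LOGIN,
2025-02-19T05:40:01.400Z,EX01\Default Frontend EX01,0A01,5,10.0.0.5:25,203.0.113.10:50001,>,535 5.7.3 Authentication unsuccessful,
2025-02-19T05:40:01.500Z,EX01\Default Frontend EX01,0A01,6,10.0.0.5:25,203.0.113.10:50001,<,AUTH NTLM,
2025-02-19T05:40:01.600Z,EX01\Default Frontend EX01,0A01,7,10.0.0.5:25,203.0.113.10:50001,>,535 5.7.3 Authentication unsuccessful,
2025-02-19T05:41:00.000Z,EX01\Default Frontend EX01,0B02,1,10.0.0.5:25,198.51.100.7:40022,<,AUTH NTLM,
2025-02-19T05:41:00.100Z,EX01\Default Frontend EX01,0B02,2,10.0.0.5:25,198.51.100.7:40022,>,235 2.7.0 Authentication successful,
"""

def advertised_mechs(ehlo_reply, keyword="AUTH"):
    """Mechanisms listed after `keyword` in a flattened EHLO reply."""
    tokens = ehlo_reply.upper().split()
    if keyword not in tokens:
        return []
    mechs = []
    for tok in tokens[tokens.index(keyword) + 1:]:
        if tok not in KNOWN_MECHS:
            break  # next capability keyword reached
        mechs.append(tok)
    return mechs

def summarize(log_text):
    """Count AUTH commands per (IP, mechanism) and 535 failures per IP."""
    attempts, failures = Counter(), Counter()
    rows = (ln for ln in io.StringIO(log_text) if ln.strip() and not ln.startswith("#"))
    for row in csv.DictReader(rows, fieldnames=FIELDS):
        ip = row["remote-endpoint"].rsplit(":", 1)[0]
        data = row["data"].strip().upper()
        if row["event"] == "<" and data.startswith("AUTH "):
            attempts[(ip, data.split()[1])] += 1
        elif row["event"] == ">" and data.startswith("535"):
            failures[ip] += 1  # SMTP 535: authentication failed
    return attempts, failures

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Comparing the per-mechanism counts before and after a change shows whether NTLM attempts actually stopped or whether clients simply moved to AUTH LOGIN.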

