Are there well known best practices and/or solutions for stopping Exchange 2003 OWA/EAS dictionary attacks? I have a client that publishes OWA and EAS securely (SSL) through TMG 2010. With MX records being "public", I don't see how you can easily stop this unless you change the default directories (e.g. https://FQDN/Exchange) and/or default ports which will likely wreak havoc on end user's smart phones and/or PC browsers if you can even get it to work on the server side of the equation. Thanks in advance.Bill Thacker

One possible solution would be to change the external name for your MX records. So for an example, SMTP traffic would be on smtp.domain.com and your OWA/ActiveSync traffic would be on webmail.domain.com. This would require a certificate change, an additional IP on the TMG server and possibly some backend changes depending on your current Exchange configuration. That being said, the brute force attacks would fail due to account lock outs and eventually TMG from blocking the offending IP (if you have the protection set up) - I think its called flood protection.JAUCG

Hi Bill, Avery web-site could be attached in the Internet. Exchange is no excluded. I'd sggest you pose this security related question in IIS forum here: http://forums.iis.net/. Your understanding would be appreciated. Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com Fiona Liao TechNet Community Support

If no more question on this thread, we may mark it as answered. Thanks.Fiona Liao TechNet Community Support