Susan says:
So let’s say you want to be alerted when someone does a password attempt on your system. Go into the health monitor, copy the Account Lockout alert service and edit it to look for event 529 in the event logs. Adjust the Actions to not only log to the system but to email you when someone does a bad password attempt and voila… you now have a early warning system when someone from remote is banging on things.
I personally limit the access to port 25 to only those ports that need access to the servers at ExchangeDefender.com and don’t get drive bys… but if you are concerned…..