I think you defining what is occurring as a 'relay' isn't correct. If I am reading this right it seems to me that someone is spoofing spam mail to an email that doesn't exist on your server. So then your server is trying to respond with an NDR, but due to the part that the senders mail address is spoofed it is sending to the spoofed address, thus more spam. If that is the case your aren't being used as a relay you are just facing the same issue that we all are because of the ease of spoofing SMTP mail message originating e-mail addresses.
If there was a way that we could set up our Exchange to tell the difference between spoofed messages and non-spoofed ones then we could all avoid this problem. After all, I can't tell you how many users I have that are getting NDRs for messages that they never sent (Kletz just hit someone they new). If that doesn't make any sense I will get some more coffee and try to re-start my thinking process. chuck -----Original Message----- From: Karon Miller [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 11:58 AM To: Exchange Discussions Subject: RE: Anonymous messages in the outbound queue So if an NDR is trying to go to faked addresses used by SPAMMERS, then does that mean that my server is being SPAM RELAYED? I've done the Relay test and it's not being used as a Relay so are they getting in some other way? When I called Microsoft they say it's from a misconfigured firewall but my firewall guy says "impossible". So, I'm back to looking at the Exchange server. Any other ideas? Thanks! It's normal. They're NDRs, and probably NDRs trying to go to the faked addresses used by spammers. Feel free to delete. > > -Peter > > > -----Original Message----- > From: Karon Miller [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 13, 2002 9:50 > To: Exchange Discussions > Subject: Anonymous messages in the outbound queue > > > I've tried several things to prevent messages getting stuck in the> > Outbound queue of the IMS it's like someone is relaying SPAM off of > us. I've installed Trend Micro's InterScan 5 Messaging Security Suite > and tried to block anonymous messages that way. Are they NDR's or > messages to user's that are no longer here? Normally I just delete > them everyday but I'm concerned that we're being a relay of somekind. > Is this normal for Exchange 5.5 > > Thanks! > Karon > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > ______________________________________________ > This message is private or privileged. If you are not the person for > whom this message is intended, please delete it and notify me > immediately, and please do not copy or send this message to anyone > else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
