Another related question ... Most of the spam messages we get have covered their tracks - when I look at the properties of the sender or recipient, they are not valid smtp addresses. How do they do that?
Again, just a pointer to an article or KB; I'm willing to dig, just want to know where. Bob -----Original Message----- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like "recipient name is not recognized", "550", "Relaying denied", "user unknown". Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB & ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA & have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm