SMTP protocol logging would help if it's a relay situation.

On Apr 8, 2014 4:31 PM, "Steve Ens" <[email protected]> wrote:
> I'm running Exchange 2010 here with all the service packs. I think that I
> must have misconfigured one of my receive connectors. I know I am not an
> open relay from the outside, but I think I have a machine inside my network
> that is compromised and using Exchange to send out since I have many
> messages sitting in my queue that are undeliverable. Any suggestions as to
> how I'd determine from which IP these messages are originating? The sender
> always looks like <>. I've opened up the message tracking logs, but can't
> find any incriminating evidence there.
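
Following the protocol-logging suggestion above, an added example (not part of the original thread): once protocol logging is enabled on the receive connectors, this sketch counts `MAIL FROM:<>` commands per client IP and connector in an SMTP receive protocol log. The log lines, host name, connector names and IP addresses are constructed samples, and the column layout is assumed to match the `#Fields:` header the log file itself carries.

```python
import csv
import io
from collections import Counter

# Constructed sample in the comma-separated SMTP receive protocol log layout.
# Host name, connector names and IP addresses are made up for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2014-04-08T21:02:11.100Z,MAIL01\\Internal Relay,08D1A,0,10.0.0.5:25,10.0.0.87:50211,+,,
2014-04-08T21:02:11.300Z,MAIL01\\Internal Relay,08D1A,3,10.0.0.5:25,10.0.0.87:50211,<,MAIL FROM:<>,
2014-04-08T21:02:12.000Z,MAIL01\\Internal Relay,08D1A,7,10.0.0.5:25,10.0.0.87:50211,<,MAIL FROM:<> SIZE=2048,
2014-04-08T21:02:13.500Z,MAIL01\\Internal Relay,08D1B,3,10.0.0.5:25,10.0.0.20:49822,<,MAIL FROM:<alice@example.com>,
2014-04-08T21:02:14.200Z,MAIL01\\Internal Relay,08D1C,3,10.0.0.5:25,10.0.0.87:50240,<,mail from:<>,
2014-04-08T21:02:15.900Z,MAIL01\\Default MAIL01,08D1D,3,10.0.0.5:25,10.0.0.31:50001,<,MAIL FROM:<>,
"""


def null_sender_sources(log_text):
    """Count MAIL FROM:<> commands per (client IP, receive connector)."""
    fields, counts = None, Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        if row[0].startswith("#"):
            line = ",".join(row)  # csv split the header line; rejoin it
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if fields is None or len(row) < len(fields):
            continue  # no column names yet, or a truncated line
        rec = dict(zip(fields, row))
        command = rec["data"].upper().replace(" ", "")
        # Event "<" is a command received from the remote client.
        if rec["event"] == "<" and command.startswith("MAILFROM:<>"):
            ip = rec["remote-endpoint"].rsplit(":", 1)[0]  # drop source port
            counts[(ip, rec["connector-id"])] += 1
    return counts


if __name__ == "__main__":
    for (ip, connector), n in null_sender_sources(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {ip:<15}  {connector}")
```

The connector name in each result shows which receive connector accepted the session, which is the one to review for overly broad remote IP ranges or permissions.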
