I think this answer is correct in some circumstances, but not universally by any means. Don, do you have any backscatter protection enabled? This would eliminate these as NDRs resulting from spam from spoofed addresses you own. If you don't have backscatter protection, my guess is that spam which does spoof existing addresses would be far more problematic than that which does not.
On Tue, Apr 8, 2014 at 7:13 PM, Mike Tavares <[email protected]>wrote: > the sender <> is normal exchange NDR’s being delivered. Since your > exchange server is authoritative for you domain any messages addressed to > non existent email address will cause these, since a lot of spam has bogus > address you tend to see them sitting in your ques for a while. They will > eventually time out and go away on their own. > > Nothing to worry about. > > > *From:* Steve Ens <[email protected]> > *Sent:* Tuesday, April 08, 2014 4:30 PM > *To:* [email protected] > *Subject:* [Exchange] Relaying > > I'm running exchange 2010 here with all the service packs. I think that > I must have misconfigured one of my receive connectors. I know I am not an > open relay from the outside, but I think I have a machine inside my network > that is compromised and using exchange to send out since I have many > messages sitting in my queue that are undeliverable. Any suggestions as to > how I'd determine from which IP these messages are originating? The sender > always looks like <> I've opened up the message tracking logs, but can't > find any incriminating evidence there. >
