I think Don has not been in this conversation yet, and i do use Vipre for backscatter and spam protection. I don't think having 600 messages undelivered in the queue is reasonable. We have been blacklisted a couple of times and been delisted so far. I also have all traffic on port 25 blocked out of the firewall except for the Exchange box. I'm looking at the smtp logs and can;t seem anything off yet.
On Tue, Apr 8, 2014 at 7:07 PM, Richard Stovall <[email protected]> wrote: > I think this answer is correct in some circumstances, but not universally > by any means. Don, do you have any backscatter protection enabled? This > would eliminate these as NDRs resulting from spam from spoofed addresses > you own. If you don't have backscatter protection, my guess is that spam > which does spoof existing addresses would be far more problematic than that > which does not. > > > On Tue, Apr 8, 2014 at 7:13 PM, Mike Tavares <[email protected]>wrote: > >> the sender <> is normal exchange NDR's being delivered. Since your >> exchange server is authoritative for you domain any messages addressed to >> non existent email address will cause these, since a lot of spam has bogus >> address you tend to see them sitting in your ques for a while. They will >> eventually time out and go away on their own. >> >> Nothing to worry about. >> >> >> *From:* Steve Ens <[email protected]> >> *Sent:* Tuesday, April 08, 2014 4:30 PM >> *To:* [email protected] >> *Subject:* [Exchange] Relaying >> >> I'm running exchange 2010 here with all the service packs. I think >> that I must have misconfigured one of my receive connectors. I know I am >> not an open relay from the outside, but I think I have a machine inside my >> network that is compromised and using exchange to send out since I have >> many messages sitting in my queue that are undeliverable. Any suggestions >> as to how I'd determine from which IP these messages are originating? The >> sender always looks like <> I've opened up the message tracking logs, but >> can't find any incriminating evidence there. >> > >
