Let me answer my own question. Those spammers were using authentication to logon to SMTP server of our Exchange. Once we saw what user account was being used and disabled it, problem went away. (Due to POP3 users, we have to allow routing thru authentication.)
Jay Kulsh Please visit http://www.cancer-treatment.net ----- Original Message ----- From: Jay Kulsh To: Exchange Discussions Sent: Sunday, November 02, 2003 9:17 PM Subject: Spam Clogging the IMC Queue -- Feigning Open Relay Hi folks, We do not have open relay on our two Exchange servers (5.5 SP4) as tested by various tools. However in the queue of IMC, there are thousand of messages that have outside domains in both source and destination addresses. The addresses of originators are obviously computer generated with words like [EMAIL PROTECTED], [EMAIL PROTECTED] etc. We have no proof yet that any of these messages are actually delivered -- as if we were open realy -- to the destination domain but that is a possibility. Symantec techsupport stated that they are not aware of any virus or worm that can do this. If we are not allowing open-relay what is causing these messages to get to our IMC queue? Please help! Jay __________ Jay Kulsh iLAN Pasadena, CA _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]