I'm at a loss here and need some help. I have an exchange 2003 server that has been used as relay 2 days ago and this morning. I have checked and tested that I am not open as a relay (or somehow I am!?) I checked the SMTP logs and found entries for the spammer but I can't see how they were able to send the emails. Log snipped: 2009-01-21 13:51:57 71.158.154.135 User EHLO - +User 250 0 334 9 0 - 2009-01-21 13:51:57 71.158.154.135 User MAIL - +FROM:<[email protected]> 250 0 45 32 0 - 2009-01-21 13:51:57 71.158.154.135 User RCPT - +TO:<[email protected]> 250 0 33 30 0 - 2009-01-21 13:51:58 71.158.154.135 User RCPT - +TO:<[email protected]> 250 0 33 30 0 - Yesterday I had set the IP address to be blocked under Message Delivery-Connections options but they still got in. I just now added the IP to SMTP's connection properties. I've also emailed the IP owners (from ARIN) with the logs. How might this be happening? I have all of my mail normally come in via MX to my barracuda and my internal mail server sends mail out via my 'cuda. Thanks, Jake Gardner TTC Network Administrator Ext. 246
***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ******************************************************************* ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
