I've got a site with a Windows 2003 server (Stnd edition) all patched up to date running Exchange SP3 + post sp3 patches. Clean install last Friday.
I'm running the SMTP virtual server with the servers LAN IP in the "allowed to relay" box and I've unticked the "allow to relay if authenticated" tick box.
I've made sure the guest account is disabled and have forced all users to change their passwords.
The machine is relentlessly relaying. I've even remade the virtual server (it's not set to relay).
I'm logging the SMTP queue and as you can see some email bounce as 550 user not known but some complete . Anyone seen this before?
Any help would be greatly appreciated...
08:42:54 64.156.215.5 - - 0
08:43:03 194.72.6.62 xxxx - 500
08:43:03 194.72.6.62 HELO - 250
08:43:03 194.72.6.62 MAIL - 250
08:43:03 194.72.6.62 RCPT - 250
08:43:03 194.72.6.62 DATA - 250
08:43:03 194.72.6.62 QUIT - 240
08:43:03 69.42.70.200 - - 0
08:43:03 69.42.70.200 EHLO - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 HELO - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 MAIL - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 RCPT - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 DATA - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 QUIT - 0
08:45:54 219.91.69.103 xxxx - 500
08:45:54 219.91.69.103 HELO - 250
08:45:55 219.91.69.103 MAIL - 250
08:45:55 219.91.69.103 RCPT - 550
08:45:57 219.91.69.103 QUIT - 240
08:48:26 219.91.122.171 xxxx - 500
08:48:26 219.91.122.171 HELO - 250
08:48:27 219.91.122.171 MAIL - 250
08:48:27 219.91.122.171 RCPT - 550
08:48:27 219.91.122.171 QUIT - 240
08:48:55 219.91.67.14 xxxx - 500
08:48:55 219.91.67.14 HELO - 250
08:48:56 219.91.67.14 MAIL - 250
08:48:56 219.91.67.14 RCPT - 550
08:48:56 219.91.67.14 QUIT - 240
08:50:29 194.25.134.20 xxxx - 500
08:50:29 194.25.134.20 HELO - 250
08:50:29 194.25.134.20 MAIL - 250
08:50:29 194.25.134.20 RCPT - 250
I'm running the SMTP virtual server with the servers LAN IP in the "allowed to relay" box and I've unticked the "allow to relay if authenticated" tick box.
I've made sure the guest account is disabled and have forced all users to change their passwords.
The machine is relentlessly relaying. I've even remade the virtual server (it's not set to relay).
I'm logging the SMTP queue and as you can see some email bounce as 550 user not known but some complete . Anyone seen this before?
Any help would be greatly appreciated...
08:42:54 64.156.215.5 - - 0
08:43:03 194.72.6.62 xxxx - 500
08:43:03 194.72.6.62 HELO - 250
08:43:03 194.72.6.62 MAIL - 250
08:43:03 194.72.6.62 RCPT - 250
08:43:03 194.72.6.62 DATA - 250
08:43:03 194.72.6.62 QUIT - 240
08:43:03 69.42.70.200 - - 0
08:43:03 69.42.70.200 EHLO - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 HELO - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 MAIL - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 RCPT - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 DATA - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 - - 0
08:43:04 69.42.70.200 QUIT - 0
08:45:54 219.91.69.103 xxxx - 500
08:45:54 219.91.69.103 HELO - 250
08:45:55 219.91.69.103 MAIL - 250
08:45:55 219.91.69.103 RCPT - 550
08:45:57 219.91.69.103 QUIT - 240
08:48:26 219.91.122.171 xxxx - 500
08:48:26 219.91.122.171 HELO - 250
08:48:27 219.91.122.171 MAIL - 250
08:48:27 219.91.122.171 RCPT - 550
08:48:27 219.91.122.171 QUIT - 240
08:48:55 219.91.67.14 xxxx - 500
08:48:55 219.91.67.14 HELO - 250
08:48:56 219.91.67.14 MAIL - 250
08:48:56 219.91.67.14 RCPT - 550
08:48:56 219.91.67.14 QUIT - 240
08:50:29 194.25.134.20 xxxx - 500
08:50:29 194.25.134.20 HELO - 250
08:50:29 194.25.134.20 MAIL - 250
08:50:29 194.25.134.20 RCPT - 250