Reading the "outbound messages awaiting delivery" queue

[MichaelDOM2005]

Hello again -

As I'm looking at the "Outbound Messages Awaiting Delivery" tab in IMS, there are a whole bunch of email addresses that are not local to our system (they are not on the GAL). Do I take it that these are spammers?

If they are, I'm confused as to how they can be getting access to the server. When I try to telnet to our server, I get the 550/relaying denied message. I also tried several open relay test sites, and they all report the server as secure.

So how are these folks getting in and what can we do to stop them?

Thanks much for the help.

 

[Griffyn]

There have been quite a few threads in recent months regarding this. Check some of the older posts, or use the search feature.

As far as I can recall, the spammers may have gotten into your system by authenticating themselves using a common account name and a weak password (or no password). They're then able to use your exchange server as if they were connected via your LAN.

You may also have somebody running a bot that's being controlled by a spammer (ie, you're generating spam within your network).

 

[wanster]

Another possibility is that you are generating tons of NDRs - do a Google on NDR or "non-delivery-responses" there's a lot out there. I ended up having to turn off my NDRs from my Exchange server. Now I don't send out NDR's (which is bad), but my server is a lot healthier.

check out

http://www.tek-tips.com/viewthread.cfm?qid=890553