so many spam mails in our out queue 1

[EdenXia]

Dear All,
We use exchange 5.5 +sp4
in these days. There are so many mails in our IMS-->outbound messages awaiting delivery. And the Originator is not our domain name. I have done the following configuration
-->
in "routing restrictions" we select "hosts and clients that successfully authenticated"

How can I stop the spam.

By the way, we have to use POP3 in our client.


Best Regards.
Eden

 

[2802683]

Got the same issue. Some one is using an account either domain or local to spam from Exchange server. Accounts have to be renamed and or password reset.

 

[EdenXia]

But why in the outqueue ,the originator is not my domain or blank?

 

[SamovarovV]

Hi all!
I've recently made some research on this theme..
These messages are not relayed spam, they are NDR's, which come from administrator, thats why you see &quot;From: <>&quot;. Field &quot;To: <mopz05vjmn@FAMOUSANDREWS.NET>&quot; in NDR is because spammer's message have this reply address. Exchange is trying to send message to non existing address and NDR's may flood outgoing queue. This things happen because Exchange accepts ALL messages to it's MX domain, and ONLY after that it checking recipient address (it was a greate surprise for me!! try to use telnet on 25 port of your server and add your own message to queue !! ) . If appropriate mailbox doesn't exist exchange generate an NDR.
For axample spammer sends message to address abracadabra@your_domain.com and reply address is mopz05vjmn@FAMOUSANDREWS.NET. Exchange will recieve this mail, and generate NDR because there is no user abracadabra and message addressed to mopz05vjmn@FAMOUSANDREWS.NET will appear in queue.
The size of queue depends on spammers activity, by default, average timeout is two days. After it message will be removed from queue and NDR will go to IMS Admin.
This &quot;hole&quot; is in Exch5.5 and 2000, it's not dangerous by it self (eats traffic) but have some unpleasant consequences, because too many systems with exchange in the world.
To stop this try to use some filter, for example Open Relay Filter from Vampsoft, it will deny accept messages to non existing users.
I tryed to use sendmail as mail gateway between Inet and internal Exchange and stop these messages on this level.

 

[Marcs41]

Turn OFF NDR's to the internet, as well as Out of Office and Automatic replies.
This is what spammers use o determine which address is valid or not.
These setting are in your IMC.
Also, in the FAQs section here are some posts on spam and relaying, read them, you may have missed something.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]

 

[SamovarovV]

By the way, relay can be done even when routing restrictions applyed:

http://support.microsoft.com/default.aspx?scid=kb;en-us;251149