MessageHi there Tom, Yeah, that was one of my initial thoughts too. I ran Ethereal on the mail server and filtered by port 25. The packets I captured would display the originating and destination email addresses and I then verified that they were being queued by using the Message Tracking portion of System Manager. All IP addresses referenced in the packets were from outside sources. It has me stumped! Craig ----- Original Message ----- From: Thomas W Shinder To: [ExchangeList] Sent: Saturday, September 25, 2004 9:54 PM Subject: [exchangelist] RE: Relay Nightmare http://www.MSExchange.org/ Hi Craig, Do a NetMon trace and identify the source IP address of the relayed spam. It could be that your users are infected with a spam generator and the spammer is leveraging their authenticated connections. HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Craig_Weil [mailto:craig_weil@xxxxxxxxxxx] Sent: Friday, September 24, 2004 2:02 PM To: [ExchangeList] Subject: [exchangelist] Relay Nightmare http://www.MSExchange.org/ Running Exchange 2000, default settings for the smtp virtual server... (Anonymous Access - so we can receive outside email, Basic Authentication, Integrated Windows Authentication all checked, Relay restrictions set to "Only the list below" which is empty and "Allow all computers which successfully authenticate to relay..." checked so that employees can send mail while connected to another ISP, Outbound Security options set as default - Anonymous Access checked) My server is STILL relaying mail. I can look in any number of queues and it's like a clearing house for spam. Any ideas? Much appreciation! Craig ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: craig_weil@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx