Your Exchange server is almost positively an open relay. You need to disallow relay right now.

What is the domain of your Exchange server and the IP address, and I can test.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: KEN MORRIS [mailto:KMORRIS@xxxxxxx]
Sent: Tuesday, September 23, 2003 6:52 PM
To: [ExchangeList]
Subject: Server help!! Possible compromised over 6000 NDRs!!!! HELP!
Importance: High

Hello,

As Exchange Admin (with little training, unfortunately) I receive the NDRs. Today I have received over 6000 NDRs, all with subjects and email addresses, both send and receive, that are not a part of our domain. I have checked to ensure that spoofing is disabled, yet I cannot figure out how we are being used. I can forward on one of the NDRs to anyone. I have not been able to figure a way to check the headers on the NDR. Here is a copy of the text for one of the NDRs:

The following recipient(s) could not be reached:

cathyb76@xxxxxxxxxxx on 9/23/2003 9:43 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<server.company #5.5.0 smtp;550 Requested action not taken: mailbox unavailable>

I figure that by morning, my inbox will be once again filled. Could you please forward any questions to k2keener@xxxxxxxxxxx as well as the list? I do not want to lose any responses.

Thanks,
Ken