Testing relay by telneting does not always tell the whole story. Is there any software that is severing as a gateway? (AV software) Is there a user whose password could have become compromised? Is there any relaying allowed by IP address? Could the % hack been used? (A to address like remoteuser%remotedomain.com@xxxxxxxxxxxxxxx <mailto:remoteuser%25remotedomain.com@xxxxxxxxxxxxxxx> ) Some mail servers (I am not sure about Exchange) will see that, receive it, and then send it to remoteuser@xxxxxxxxxxxxxxxxx Have you checked the logs for how those messages were received? Is message tracking turned on? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -----Original Message----- From: Mike Pfeiffer [mailto:mike@xxxxxxxxxxx] Sent: Wednesday, October 08, 2003 12:28 PM To: [ExchangeList] Subject: [exchangelist] relay question http://www.MSExchange.org/ I just came across an Exchange 2000 server at a customer site that has hundreds of messages in the outbound queue. The server is not currently an open relay (tested using the telnet method) but all of the messages are from addresses from outside domains to users in outside domains. Why would these messages get put in remote delivery queue if the server doesn't allow unknown users to relay mail? Thanks for any help ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')