Doug, Gettting the "bad guys" out there can be difficult if they know what they're doing, but I have a couple of suggestions: Received: from 156.60.99.159 ([61.59.35.117] RDNS failed) by mail1.ogh.org with Microsoft SMTPSVC(5.0.2195.5329); Tue, 27 May 2003 10:49:03 -0400 If the address in square brackets is the same or similar each time then you may be able to do something. If the same then they should be "always on" and you can report the address to their ISP. Looking up this address tells me that it is a dial-up account with SeedNet in Taiwan, so the only other option would be to make a list of the relay attempts and forward that to the ISP (poss. abuse@xxxxxxxxxxx ?). Unlikely to get results though, must admit. You could also configure your relay to only accept sending hosts with valid RDNS - which this one doesn't - although I'm afraid I don't know how to set it up with your config. Jamie. -----Original Message----- From: Stelley, Doug [mailto:dstelley@xxxxxxx] Sent: Wednesday, 28 May 2003 5:12 AM To: [ExchangeList] Subject: [exchangelist] Relay part II http://www.MSExchange.org/ OK, I believe we cured that one. Whether it was a flaw, a hack or what I don't know, but by uninstalling/re-installing the SMTP services on that server, we were able to "cure" it. I reinstalled the GFI suite, and I believe all is well again. Now when I try to relay I get the "unable to relay" message instantly, life is good again. Now if I only can shoot a billion volts of electric through to that MF'er in Taiwan who helped himself to my services, I'd be a happy man. Thanks all :-) Doug Stelley Network Admin. Olean General Hospital (716)375-7320 It is my ambition to say in ten sentences what others say in a whole book. - Friedrich Nietzsche ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: jabyrnes@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') _______________________ Confidentiality Notice: The information contained in this message may be legally privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any release, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error please notify the author immediately by replying to this message and deleting the original message. Thank you.