I had the same problem ... under the relay on the smtp default server, I needed to uncheck "allow to relay regardless of the list above" ... here is what I gathered from microsoft q papers (can't find them right now ...) .. you have to have anonymous authentication checked, and IF you also have "allow to relay regardless of the list above" checked, then spammers authenticate anonymously to your server to relay .... I think most of the spam is caught (i.e. that is why you have 6000 ndrs) ... but it still ends up that you are processing all those emails ... mike -----Original Message----- From: Craig Weil [mailto:craig_weil@xxxxxxxxxxx] Sent: Tue 9/23/2003 10:14 PM To: [ExchangeList] Cc: Subject: [exchangelist] Re: Server help!! Possible comprimised over 6000 NDRs!!!! HELP! http://www.MSExchange.org/ By "spoofing" do you mean that you're sure that your server is configured to disallow relaying? Craig A. Weil Network Administrator ----- Original Message ----- From: "KEN MORRIS" <KMORRIS@xxxxxxx> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> Sent: Tuesday, September 23, 2003 6:51 PM Subject: [exchangelist] Server help!! Possible comprimised over 6000 NDRs!!!! HELP! > http://www.MSExchange.org/ > > > This is a multi-part message in MIME format. > ---------------------------------------------------------------------------- ---- > Hello, > > As Exchange Admin (with little training unfortunately) I recieve the NDR's. > Today I have recieved over 6000 NRD's all with subjects, email addresses both > send and recieve that are not a part of our domain. > I have checked to ensure that spoofing is disabled, yet I cannot figure out > how we are being used. > > I can forward on one of the NRD's to anyone. I have not been able to figure a > way to check the headers on the NDR. Here is a copy of the text for one of > the NDR's: > > The following recipient(s) could not be reached: > > cathyb76@xxxxxxxxxxx on 9/23/2003 9:43 PM > There was a SMTP communication problem with the recipient's email server. > Please contact your system administrator. > <server.company #5.5.0 smtp;550 Requested action not taken: mailbox > unavailable> > > I figure that by morning, my inbox will be once again filled, could you > please forward any questions to k2keener@xxxxxxxxxxx as well as the list. I > do not want to loose any responses. > > Thanks > > Ken > > ---------------------------------------------------------------------------- ---- > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSExchange.org Discussion List as: craig_weil@xxxxxxxxxxx > To unsubscribe send a blank email to leave-exchangelist-1661321N@xxxxxxxxxxxxx > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: wohlgemuthm@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to leave-exchangelist-1661321N@xxxxxxxxxxxxx