I was hoping to get some feedback on a critical problem I've been having for the last couple of weeks. I'm running NT 4.0 and Exchange 5.5. A couple of weeks ago users began complaining about long delivery times on outbound emails. When I checked the server, the outbound queue was filled with tons of NDRs resulting from spam messages. After some testing, I figured it was an open relay and the spam was been relayed through the system and not created internally from a trojan or virus (a few different scans seemed to verify this). After installing some of the latest service packs for Exchange and performing other tasks (some of which I read here - thanks!) I still couldn't get the NDRs to stop clogging the outbound queue. Here's a run down of everything I've done so far:
Disabled the Guest account
Deleted any unused accounts and disabled and accounts that are not in use.
Changed all passwords to difficult ones
Changed the Exchange Service Account - used a difficult password.
REINSTALLED EXCHANGE SERVER 5.5
Installed ALL the service packs for Exchange 5.5
Re-closed the relay (IMS Properties - Routing - Routing Restrictions - checked "Hosts and Clients With These IP Addresses" and did not enter any addresses)
The NDRs are still being created. Sometimes it slows down, sometimes it's thousands per hour. For a day, I thought it was fixed, but over the weekend, there were 20,000 NDRs in the outbound queue by Monday morning. The logs seem to point to a bunch of inbound SMTP connections being accepted from various hosts whenever the IMS service is started. Where and how can I stop these IPs from connecting? There's dozens, maybe hundreds of connections being received and stopping those IP addresses at the firewall could take weeks. If I only allow SMTP connections to/from my ISPs IP addresses, would that work, since the mail is directed through their DNS servers? I'm at a complete loss for ideas. I'm not the most experienced tech when it comes to this stuff, but I'm the only one at my office with enough experience to work on it. Thanks for any help!