SMTP Connector Full of Spam!

Hey everyone,

I am having another issue with a client running SBS Server 2000 with Exchange 2000. The SMTP connector is sending out spam like crazy, and I can't find where it is coming from! I figured it was a reverse NDR attack, but I turned off NDRs a month ago. I have tested port 25 to make sure it is not an open relay, which it is not. I have run every antivirus solution out there. Any ideas where this is coming from? Here is a bit of the SMTP logging that I have captured.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

004-10-22 17:37:50 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 45 0 79 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 125 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 219 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 219 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 297 SMTP - - - -
2004-10-22 17:37:50 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 297 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 99 0 1485 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 1485 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 1579 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 1579 SMTP - - - -
2004-10-22 17:37:51 65.248.18.232 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 7 0 1657 SMTP - -
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Any ideas on what this may be??? I am not sure how to decipher the SMTP logs! TIA...Chris
gqchrisAsked:
munichpostmanCommented:
Do you have virus scanners on your Exchange Server?

0
munichpostmanCommented:
Sorry I see you have Antivirus software on your system.

Can you post more information from your SMTP Log?

Are all the NDRs going to the same addresses?
0
munichpostmanCommented:
On the SMTP Virtual Server properties, click on the Connection tab. Have you restricted access to the server to the IP addresses of your smart host and your internal Exchange servers?
0
gqchrisAuthor Commented:
Here is some more of the log!

004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 48 32 0 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 40 0 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 27 0 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 83 4139 328 SMTP - - - -
2004-10-22 18:58:36 66.17.206.80 post3.hotshoppingdirect.com SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 719 70 4 0 SMTP - - - -
2004-10-22 18:58:51 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 453 SMTP - - - -
2004-10-22 18:58:51 211.41.82.122 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 453 SMTP - - - -
2004-10-22 18:58:51 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 906 SMTP - - - -
2004-10-22 18:58:52 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1562 SMTP - - - -
2004-10-22 18:58:52 211.41.82.122 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1562 SMTP - - - -
2004-10-22 18:58:52 211.41.82.122 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2078 SMTP - - - -
2004-10-22 18:58:53 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 484 SMTP - - - -
2004-10-22 18:58:53 211.41.82.119 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 484 SMTP - - - -
2004-10-22 18:58:53 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 984 SMTP - - - -
2004-10-22 18:58:54 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1625 SMTP - - - -
2004-10-22 18:58:54 211.41.82.119 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1625 SMTP - - - -
2004-10-22 18:58:54 211.41.82.119 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2109 SMTP - - - -
2004-10-22 18:58:56 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 485 SMTP - - - -
2004-10-22 18:58:56 211.41.82.118 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 485 SMTP - - - -
2004-10-22 18:58:56 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 969 SMTP - - - -
2004-10-22 18:58:57 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1563 SMTP - - - -
2004-10-22 18:58:57 211.41.82.118 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1563 SMTP - - - -
2004-10-22 18:58:57 211.41.82.118 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 1985 SMTP - - - -
2004-10-22 18:58:58 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 390 SMTP - - - -
2004-10-22 18:58:58 211.41.82.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 390 SMTP - - - -
2004-10-22 18:58:58 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 781 SMTP - - - -
2004-10-22 18:58:58 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1359 SMTP - - - -
2004-10-22 18:58:58 211.41.82.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1359 SMTP - - - -
2004-10-22 18:59:00 211.41.82.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 1843 SMTP - - - -
2004-10-22 18:59:00 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 454 SMTP - - - -
2004-10-22 18:59:00 211.41.82.123 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 454 SMTP - - - -
2004-10-22 18:59:01 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 922 SMTP - - - -
2004-10-22 18:59:01 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1516 SMTP - - - -
2004-10-22 18:59:01 211.41.82.123 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1516 SMTP - - - -
2004-10-22 18:59:02 211.41.82.123 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2016 SMTP - - - -
2004-10-22 18:59:02 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 406 SMTP - - - -
2004-10-22 18:59:02 211.41.82.120 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 406 SMTP - - - -
2004-10-22 18:59:03 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 828 SMTP - - - -
2004-10-22 18:59:03 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1453 SMTP - - - -
2004-10-22 18:59:03 211.41.82.120 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1453 SMTP - - - -
2004-10-22 18:59:04 211.41.82.120 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 1922 SMTP - - - -
2004-10-22 18:59:04 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 31 0 468 SMTP - - - -
2004-10-22 18:59:04 211.41.82.124 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 468 SMTP - - - -
2004-10-22 18:59:06 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 937 SMTP - - - -
2004-10-22 18:59:06 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 1609 SMTP - - - -
2004-10-22 18:59:06 211.41.82.124 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 1609 SMTP - - - -
2004-10-22 18:59:07 211.41.82.124 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 199 0 2109 SMTP - - - -
2004-10-22 18:59:07 211.41.82.124 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 2109 SMTP - - - -
2004-10-22 18:59:08 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 50 22 0 SMTP - - - -
2004-10-22 18:59:19 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 41 0 SMTP - - - -
2004-10-22 18:59:37 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 28 0 SMTP - - - -
2004-10-22 18:59:55 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 1016 12594 SMTP - - - -
2004-10-22 19:00:00 193.249.135.93 netcentral.com.au SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 56891 70 4 0 SMTP - - - -
2004-10-22 19:00:12 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 48 39 0 SMTP - - - -
2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 HELO 250 0 49 28 0 SMTP - - - -
2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 46 33 0 SMTP - - - -
2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 33 30 0 SMTP - - - -
2004-10-22 19:00:15 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 41 29 0 SMTP - - - -
2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 136 1717 563 SMTP - - - -
2004-10-22 19:00:15 206.190.38.82 web50506.mail.yahoo.com SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 1062 70 4 0 SMTP - - - -
2004-10-22 19:00:16 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 30 28 0 SMTP - - - -
2004-10-22 19:00:21 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 117 1011 3937 SMTP - - - -
2004-10-22 19:00:21 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 EHLO 250 0 323 13 0 SMTP - - - -
2004-10-22 19:00:24 24.61.118.80 h0050da2be85b.ne.client2.attbi.com SMTPSVC1 CAELWYN01 208.57.69.164 0 QUIT 240 12922 70 4 0 SMTP - - - -
2004-10-22 19:00:32 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 52 40 0 SMTP - - - -
2004-10-22 19:00:34 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 33 30 0 SMTP - - - -
2004-10-22 19:00:38 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 497 2797 SMTP - - - -
2004-10-22 19:00:39 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 56 44 16 SMTP - - - -
2004-10-22 19:00:41 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 29 26 0 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 100 0 187 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 187 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 101 0 234 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 234 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 52 0 312 SMTP - - - -
2004-10-22 19:00:41 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
2004-10-22 19:00:42 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 76 0 468 SMTP - - - -
2004-10-22 19:00:42 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 468 SMTP - - - -
2004-10-22 19:00:42 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 21 0 515 SMTP - - - -
2004-10-22 19:00:42 64.164.98.53 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 750 SMTP - - - -
2004-10-22 19:00:42 64.164.98.53 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 46 0 781 SMTP - - - -
2004-10-22 19:00:48 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 462 4562 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 82 0 109 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 109 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 203 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 203 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 312 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 406 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 406 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 500 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 640 SMTP - - - -
2004-10-22 19:00:48 205.188.156.185 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 671 SMTP - - - -
2004-10-22 19:00:49 205.188.156.185 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 781 SMTP - - - -
2004-10-22 19:00:52 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 54 42 0 SMTP - - - -
2004-10-22 19:00:53 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
2004-10-22 19:00:59 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 462 4609 SMTP - - - -
2004-10-22 19:00:59 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 64 0 94 SMTP - - - -
2004-10-22 19:00:59 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 94 SMTP - - - -
2004-10-22 19:00:59 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 188 SMTP - - - -
2004-10-22 19:00:59 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 188 SMTP - - - -
2004-10-22 19:00:59 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 282 SMTP - - - -
2004-10-22 19:00:59 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 282 SMTP - - - -
2004-10-22 19:01:01 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 59 47 0 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 79 0 172 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 172 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 42 0 344 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 344 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 51 0 531 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 531 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 42 0 703 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 703 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 46 0 875 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 48 0 1078 SMTP - - - -
2004-10-22 19:01:03 202.30.143.100 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 1078 SMTP - - - -
2004-10-22 19:01:04 202.30.143.100 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 65 0 1250 SMTP - - - -
2004-10-22 19:01:08 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 32 29 0 SMTP - - - -
2004-10-22 19:01:10 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 10375 SMTP - - - -
2004-10-22 19:01:10 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 10375 SMTP - - - -
2004-10-22 19:01:10 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 10469 SMTP - - - -
2004-10-22 19:01:10 12.102.240.23 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 10657 SMTP - - - -
2004-10-22 19:01:10 12.102.240.23 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 10750 SMTP - - - -
2004-10-22 19:01:12 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 468 2984 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 83 0 109 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 109 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 218 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 218 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 312 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 406 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 406 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 515 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 734 SMTP - - - -
2004-10-22 19:01:12 205.188.158.121 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 765 SMTP - - - -
2004-10-22 19:01:13 205.188.158.121 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 859 SMTP - - - -
2004-10-22 19:01:13 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 43 31 0 SMTP - - - -
2004-10-22 19:01:15 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 31 28 0 SMTP - - - -
2004-10-22 19:01:19 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 433 2750 SMTP - - - -
2004-10-22 19:01:19 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 69 0 94 SMTP - - - -
2004-10-22 19:01:19 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 94 SMTP - - - -
2004-10-22 19:01:19 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 25 0 297 SMTP - - - -
2004-10-22 19:01:19 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 297 SMTP - - - -
2004-10-22 19:01:19 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 391 SMTP - - - -
2004-10-22 19:01:19 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 391 SMTP - - - -
2004-10-22 19:01:23 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 50 38 0 SMTP - - - -
2004-10-22 19:01:24 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 37 34 0 SMTP - - - -
2004-10-22 19:01:29 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 440 2859 SMTP - - - -
2004-10-22 19:01:29 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 94 0 344 SMTP - - - -
2004-10-22 19:01:29 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 344 SMTP - - - -
2004-10-22 19:01:29 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 111 0 437 SMTP - - - -
2004-10-22 19:01:29 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 437 SMTP - - - -
2004-10-22 19:01:29 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 50 0 562 SMTP - - - -
2004-10-22 19:01:29 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 562 SMTP - - - -
2004-10-22 19:01:30 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 52 0 672 SMTP - - - -
2004-10-22 19:01:30 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 672 SMTP - - - -
2004-10-22 19:01:30 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 21 0 765 SMTP - - - -
2004-10-22 19:01:30 69.156.240.34 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 890 SMTP - - - -
2004-10-22 19:01:30 69.156.240.34 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 56 0 984 SMTP - - - -
2004-10-22 19:01:30 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 20 0 10484 SMTP - - - -
2004-10-22 19:01:30 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RSET 0 0 4 0 10484 SMTP - - - -
2004-10-22 19:01:30 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 10563 SMTP - - - -
2004-10-22 19:01:30 63.240.76.6 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 10703 SMTP - - - -
2004-10-22 19:01:30 63.240.76.6 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 25 0 10813 SMTP - - - -
2004-10-22 19:01:32 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 53 41 0 SMTP - - - -
2004-10-22 19:01:34 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 35 32 0 SMTP - - - -
2004-10-22 19:01:47 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 496 8625 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 82 0 110 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 110 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 219 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 219 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 313 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 313 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 422 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 422 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 516 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 797 SMTP - - - -
2004-10-22 19:01:47 64.12.137.89 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 828 SMTP - - - -
2004-10-22 19:01:48 64.12.137.89 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 922 SMTP - - - -
2004-10-22 19:01:48 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 47 35 0 SMTP - - - -
2004-10-22 19:01:50 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
2004-10-22 19:01:55 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 440 3375 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 82 0 110 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 110 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 219 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 219 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 344 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 344 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 438 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 DATA 0 0 4 0 438 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 54 0 531 SMTP - - - -
2004-10-22 19:01:55 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 6 0 875 SMTP - - - -
2004-10-22 19:01:56 64.12.138.152 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 891 SMTP - - - -
2004-10-22 19:01:56 64.12.138.152 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 27 0 1000 SMTP - - - -
2004-10-22 19:01:58 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 MAIL 250 0 55 43 0 SMTP - - - -
2004-10-22 19:02:03 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 RCPT 250 0 27 24 0 SMTP - - - -
2004-10-22 19:02:08 200.71.98.26 blustery SMTPSVC1 CAELWYN01 208.57.69.164 0 DATA 250 0 134 481 3547 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 118 0 32 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 EHLO 0 0 4 0 32 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 60 0 63 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 MAIL 0 0 4 0 63 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 47 0 94 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 RCPT 0 0 4 0 94 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 19 0 125 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 BDAT 0 0 4 0 125 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 - 0 0 81 0 204 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionCommand SMTPSVC1 CAELWYN01 - 25 QUIT 0 0 4 0 235 SMTP - - - -
2004-10-22 19:02:08 64.4.50.239 OutboundConnectionResponse SMTPSVC1 CAELWYN01 - 25 -

0
gqchrisAuthor Commented:
When I click on Connection, it is clicked on "Allow all except list below".

What would I point that to, the IP of the server?
0
gqchrisAuthor Commented:
Ok I pointed it to the IP of the server, only allowing it to connect. Should that clear it up? And what was happening so I can prevent this next time:) Thanks for the help!!
0
munichpostmanCommented:
You use the Connection button to specify which IP addresses your virtual server will or will not talk to. Choosing the "Only the list below" option means that you want to allow connections from the listed servers and no one else. In my organisation we list only the Exchange 2003 systems which will connect to the bridgehead server, and the smart host which connects to the server to deliver mail from the Internet to the Exchange organisation.

This stops rogue application servers in your organisation, or users within your organisation, connecting to your Exchange server and using it to relay mail. It could be that someone has developed an application within your organisation that has carried out a DNS lookup for an MX record, found your server and was using it to incorrectly relay mails.

Always lock down your Exchange server so that only hosts which you approve connect to it.
0
SembeeCommented:
What is "blustery" in the logs? Is that a username on your domain? If so, get its password changed. You might be the victim of an authenticated user relay.
Do you have any users connecting to your server to send email via SMTP - using Outlook Express or something like that? If not then you can disable the "authenticated users can relay" option as well.

Simon.
0
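Added example (not part of the original thread and not any poster's code): a Python pass over logs in the layout pasted above that counts, per connecting client, how many message bodies the server accepted, which is how an entry such as "blustery" stands out, and tallies outbound MAIL attempts per remote server. Field positions are inferred from the lines on this page; the sample log, its addresses and its host names are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the log lines posted in this thread.
# Addresses are documentation ranges; host and server names are made up.
SAMPLE_LOG = """\
2004-10-22 19:00:08 192.0.2.10 mail.example.org SMTPSVC1 MAILSRV01 198.51.100.5 0 HELO 250 0 50 22 0 SMTP - - - -
2004-10-22 19:00:09 192.0.2.10 mail.example.org SMTPSVC1 MAILSRV01 198.51.100.5 0 MAIL 250 0 53 41 0 SMTP - - - -
2004-10-22 19:00:09 192.0.2.10 mail.example.org SMTPSVC1 MAILSRV01 198.51.100.5 0 RCPT 250 0 30 28 0 SMTP - - - -
2004-10-22 19:00:10 192.0.2.10 mail.example.org SMTPSVC1 MAILSRV01 198.51.100.5 0 DATA 250 0 134 1016 500 SMTP - - - -
2004-10-22 19:00:21 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 EHLO 250 0 323 13 0 SMTP - - - -
2004-10-22 19:00:32 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 MAIL 250 0 52 40 0 SMTP - - - -
2004-10-22 19:00:34 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 RCPT 250 0 33 30 0 SMTP - - - -
2004-10-22 19:00:38 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 DATA 250 0 134 497 2797 SMTP - - - -
2004-10-22 19:00:41 192.0.2.77 OutboundConnectionCommand SMTPSVC1 MAILSRV01 - 25 EHLO 0 0 4 0 187 SMTP - - - -
2004-10-22 19:00:41 192.0.2.77 OutboundConnectionCommand SMTPSVC1 MAILSRV01 - 25 MAIL 0 0 4 0 234 SMTP - - - -
2004-10-22 19:00:41 192.0.2.77 OutboundConnectionCommand SMTPSVC1 MAILSRV01 - 25 RCPT 0 0 4 0 312 SMTP - - - -
2004-10-22 19:00:45 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 MAIL 250 0 56 44 16 SMTP - - - -
2004-10-22 19:00:46 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 RCPT 250 0 29 26 0 SMTP - - - -
2004-10-22 19:00:48 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 DATA 250 0 134 462 4562 SMTP - - - -
2004-10-22 19:00:59 192.0.2.78 OutboundConnectionCommand SMTPSVC1 MAILSRV01 - 25 EHLO 0 0 4 0 94 SMTP - - - -
2004-10-22 19:00:59 192.0.2.78 OutboundConnectionCommand SMTPSVC1 MAILSRV01 - 25 MAIL 0 0 4 0 188 SMTP - - - -
2004-10-22 19:01:01 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 MAIL 250 0 59 47 0 SMTP - - - -
2004-10-22 19:01:08 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 RCPT 250 0 32 29 0 SMTP - - - -
2004-10-22 19:01:12 203.0.113.26 bulkhost SMTPSVC1 MAILSRV01 198.51.100.5 0 DATA 250 0 134 468 2984 SMTP - - - -
2004-10-22 19:01:13 192.0.2.78 OutboundConnectionResponse SMTPSVC1 MAILSRV01 - 25 -
"""

OUTBOUND_MARKERS = {"OutboundConnectionCommand", "OutboundConnectionResponse"}


def parse_line(line):
    """Return the fields used below, or None for headers and truncated lines."""
    parts = line.split()
    if len(parts) < 10 or parts[0].startswith("#"):
        return None
    try:
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None  # e.g. a date that lost its first digit when pasted
    return {
        "when": when,
        "peer": parts[2],       # remote IP (client for inbound, target for outbound)
        "name": parts[3],       # announced name, or an Outbound... marker
        "outbound": parts[3] in OUTBOUND_MARKERS,
        "verb": parts[8],       # SMTP command
        "status": parts[9],     # SMTP reply code on inbound lines
    }


def summarize_inbound(text):
    """Per (client IP, announced name): accepted MAIL/RCPT/DATA counts and time span."""
    stats = defaultdict(lambda: {"MAIL": 0, "RCPT": 0, "DATA": 0, "first": None, "last": None})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["outbound"]:
            continue
        entry = stats[(rec["peer"], rec["name"])]
        entry["first"] = entry["first"] or rec["when"]
        entry["last"] = rec["when"]
        if rec["verb"] in ("MAIL", "RCPT", "DATA") and rec["status"] == "250":
            entry[rec["verb"]] += 1
    return dict(stats)


def flag_bulk_senders(stats, min_messages=3):
    """Clients with at least min_messages accepted message bodies, busiest first."""
    hits = [(key, s["DATA"]) for key, s in stats.items() if s["DATA"] >= min_messages]
    return sorted(hits, key=lambda item: item[1], reverse=True)


def outbound_deliveries(text):
    """Count outbound MAIL commands per remote server this host connected to."""
    counts = defaultdict(int)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["name"] == "OutboundConnectionCommand" and rec["verb"] == "MAIL":
            counts[rec["peer"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for (ip, name), n in flag_bulk_senders(summarize_inbound(SAMPLE_LOG)):
        print(f"{ip} ({name}) had {n} messages accepted")
    print("outbound MAIL attempts:", outbound_deliveries(SAMPLE_LOG))
```

The log layout shown here carries no sender or recipient addresses, so the counts only say which client is submitting the volume; whether those messages are relayed still has to be checked against the relay settings.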
gqchrisAuthor Commented:
Hey Sembee,

The only Outlook Express we have going is a user using his Earthlink account to ping his personal box, otherwise we don't use that, only Outlook. I have no idea who blustery is, and I will disable the authenticated users can relay option right now....

Thanks..
Chris
0
munichpostmanCommented:
I would also turn on account auditing, then look for event ID 528. The SMTP service logs failed logons when auditing is enabled.
0
gqchrisAuthor Commented:
Ok Guys,

I had locked down the Connection button to only allow the server to be able to talk to the SMTP Virtual, well I realized that by doing that, no other mail can come in from the internet! So I had to unapply that so we can continue to receive mail. Do I need to use the smart host to lock the server down? How do I set that up? Not even sure what that is:) I am stumped here on how to clear the issue up. If I lock down the connection button, no other mail servers can send mail into the organization right? When I only allow the server to talk, I can't even telnet into port 25:(
0
SembeeCommented:
You locked it down too hard.

On authentication on the SMTP virtual server you need to have all three options enabled - including anonymous.
That should be it.
On the relay restrictions, the "Only the list below" should be selected and the list should be empty. If you don't have any users sending email via SMTP from Outlook Express then you can disable authenticated user option as well.

Under connection it should be "All except the list below" and the list below will usually be empty, unless you want to filter out specific systems from connecting to your server.

Simon.
0