Smtp queue full again, can't stop the crap from pouring in....HELP !

My previous posted question - thought the problem was solved...
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21180509.html

I turned on logging for msexchangetransport, smtp, to max...
here is a copy of the ndr report...does this mean an authenticated user is causing these problems ?
My queue is FULL again !!!  AHHHHHHH!!

Ex 1.
This is an SMTP protocol error log for virtual server ID 1, connection #78. The remote host "207.115.57.17", responded to the SMTP command "rcpt" with "553 5.3.0 <tmcfarland@pacbell.net>... Addressee unknown, relay=[66.151.184.131]  ". The full command sent was "RCPT TO:<tmcfarland@pacbell.net>  ".  This will probably cause the connection to fail.

Ex 2.
This is an SMTP protocol warning log for virtual server ID 1, connection #77. The remote host "151.164.30.65", responded to the SMTP command "mail" with "451 4.7.7 Excessive userid unknowns from 66.151.184.131  ". The full command sent was "MAIL FROM:<messmerited@bigpond.com>  ".  This may cause the connection to fail.

Ex 3.
This is an SMTP protocol error log for virtual server ID 1, connection #76. The remote host "208.45.133.107", responded to the SMTP command "rcpt" with "550 <tmcgrath2@excite.com>: Recipient address rejected: User unknown in virtual alias table  ". The full command sent was "RCPT TO:<tmcgrath2@excite.com>  ".  This will probably cause the connection to fail.

Any new ideas ?
Thx.
flyfreak Asked:
 
Sembee Commented:
Did you enable unknown user filtering?

http://www.amset.info/exchange/filterunknown.asp

You may have to go through the queue cleaning procedure once again.
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
 
flyfreak (Author) Commented:
Unknown user filtering is enabled.
allow auth users to relay regardless of the list above is checked.
queues were clean, but they fill up again and again.
I also added another domain to Internet Message Formats, one as *, which allows NDR's, and one for my actual domain, which is set to not send NDR's.

here is what my event log is full of...
A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;beaulah83@tampabay.rr.com (Message-ID <EGEXCH01tDAFQSu0bO40001f811@medford-mail.elizabethgrady.com>).  
Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.  
For more information, click http://www.microsoft.com/contentredirect.asp.    
Solution: Check your route and topology; use the winroute tool to ensure the routes are properly replicated between servers and routing groups.

AND
A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822;dova@gainv.mindspring.com (Message-ID <EGEXCH01R24FCObwJiH0001f6db@medford-mail.elizabethgrady.com>).  
Causes: This message indicates a DNS problem or an IP address configuration problem  
Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.
For more information, click http://www.microsoft.com/contentredirect.asp.
***these errors are only for mindspring.com addresses***

What is letting these messages into my Exchange server ?????
 
Sembee Commented:
Do you have people sending email through your Exchange server using SMTP? I don't mean receiving email, but staff or others with Outlook Express etc? If so then you can disable the option about authenticated users.

Otherwise you will continue to get NDRs. Personally I would delete the other Internet Message Format configuration and disable NDRs on the * - at least for a little while. See if the messages continue to build.

Simon.
 
flyfreak (Author) Commented:
Finally, it's fixed.
I turned off allow auth. users to relay regardless of list above.
I created the bogus connector, dumped all the crap into one queue, deleted everything.
I waited for no more mail to come in, deleted the connector, restarted SMTP virtual service.
Queues stayed empty.
This morning, as a test I turned allow auth users to relay on again.
Queues did NOT fill up !!!
So could it just have been an overload of retries that caused all the NDR's ?
Anyway, it's fixed !!!
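An added example, not part of the original thread or any poster's code: a triage script for the SMTP protocol event texts quoted in the question (Ex 1-3). It separates bounces this server generated (null sender, `MAIL FROM:<>`) from messages it is relaying for a foreign envelope sender, which helps tell NDR backscatter apart from relay use. `LOCAL_DOMAINS` is an assumption taken from the Message-ID host in the thread, and the fourth sample entry is constructed.

```python
import re
from collections import Counter

# Assumption: the server's own mail domain (from the Message-ID host in the thread).
LOCAL_DOMAINS = ("elizabethgrady.com",)

# Matches the Exchange "SMTP protocol error/warning log" event text quoted in the thread.
ENTRY = re.compile(
    r'connection #(?P<conn>\d+)\. The remote host "(?P<host>[^"]+)", '
    r'responded to the SMTP command "\w+" with "(?P<code>\d{3})[^"]*"\. '
    r'The full command sent was "(?P<verb>MAIL FROM|RCPT TO):<(?P<addr>[^>]*)>'
)

# Ex 1-3 are copied from the thread; the last entry is constructed for illustration.
SAMPLE = [
    'This is an SMTP protocol error log for virtual server ID 1, connection #78. The remote host "207.115.57.17", responded to the SMTP command "rcpt" with "553 5.3.0 <tmcfarland@pacbell.net>... Addressee unknown, relay=[66.151.184.131]  ". The full command sent was "RCPT TO:<tmcfarland@pacbell.net>  ".',
    'This is an SMTP protocol warning log for virtual server ID 1, connection #77. The remote host "151.164.30.65", responded to the SMTP command "mail" with "451 4.7.7 Excessive userid unknowns from 66.151.184.131  ". The full command sent was "MAIL FROM:<messmerited@bigpond.com>  ".',
    'This is an SMTP protocol error log for virtual server ID 1, connection #76. The remote host "208.45.133.107", responded to the SMTP command "rcpt" with "550 <tmcgrath2@excite.com>: Recipient address rejected: User unknown in virtual alias table  ". The full command sent was "RCPT TO:<tmcgrath2@excite.com>  ".',
    'This is an SMTP protocol error log for virtual server ID 1, connection #101. The remote host "192.0.2.25", responded to the SMTP command "mail" with "550 5.7.1 Bounce rejected  ". The full command sent was "MAIL FROM:<>  ".',
]

def is_local(domain):
    """True if the domain is one of ours or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)

def classify(text):
    """Return (kind, remote_host, reply_code, address), or None if the text does not parse."""
    m = ENTRY.search(text)
    if m is None:
        return None
    addr = m["addr"].strip().lower()
    if m["verb"] == "MAIL FROM":
        if not addr:
            kind = "ndr-null-sender"         # bounce generated by this server
        elif is_local(addr.rpartition("@")[2]):
            kind = "local-sender"            # ordinary outbound mail
        else:
            kind = "relayed-foreign-sender"  # server is relaying someone else's mail
    else:
        kind = "rcpt-rejected" if m["code"][0] == "5" else "rcpt-deferred"
    return kind, m["host"], m["code"], addr

def summarize(entries):
    """Count entries per kind, skipping text that is not a protocol log event."""
    return Counter(r[0] for r in map(classify, entries) if r)

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {kind}")
```

A high share of `relayed-foreign-sender` entries points at the relay settings rather than NDR generation, while `ndr-null-sender` entries point at bounces for mail accepted to unknown recipients.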