I have an Exchange 2003 server with SP1 installed on SBS 2003. The server logs between 350 and 500 7004 errors a day. Here is an example:
This is an SMTP protocol error log for virtual server ID 1, connection #5506. The remote host "18.104.22.168", responded to the SMTP command "rcpt" with "550 RCPT TO:<email@example.com> User unknown ". The full command sent was "RCPT TO:<firstname.lastname@example.org> ". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp
This looks an awful lot like my server is trying to relay UCE to other servers. I've read the eventid.net entry for 7004:
I've been to amset.info:
and followed all the steps listed yet I still get the 7004s.
I have tested that I am not an open relay.
I have followed the steps to determine if an authenticated user account is being used to relay, which it is not.
I have removed the ability of authenticated users to relay unless they are in the POP3 Relay group (described in the second link above) which is currently empty.
My server is a standalone SBS 2003 domain behind a PIX 501. I have no fixup protocol smtp 25, access-list, and static statements in place to get the SMTP traffic to and from the server.
Legitimate email is flowing fine, but this has been going on for too long and I need to isolate this problem and resolve it before I get blacklisted. Please help :)