SMTP Current Sessions Question

I am seeing mysterious users showing up under the "Current Sessions" for the default SMTP server on my exchange server.  I am positive that my server is not configured as an open relay and not quite sure what to make of this. Any ideas?
Who is Participating?
What do you mean by "mysterious"?

As long as your server is listening for and allowing SMTP connections you will probably see "mysterious" connections.  If you are not an open relay then you shouldn't have to worry about these.  The fact is spammers may be trying to use your server...but will obviously fail if you are set up properly.

If you have consistent mysterious connections you can control that by configuring connection control on the SMTP virtual server.  You could deny connection by IP or domain.

andreacadiaAuthor Commented: then it s normal to see sessions from users that i do not recognize?
Heaps of mass mailer viruses have come out this last week( a new version of SOBER?) that are doing this.  If you look in the Message tracking Centre you can see them coming in with the correct email addresses(from the SMTP envelope), but the names in if the TO: field of the header has the bogus names.

Some will try for ages to find a address that accepts mail.  Try turining of connection filtering with blacklist checking, it helps a bit.  A connection does not indicate a sucessful mail transfer.;en-us;823866
" then it s normal to see sessions from users that i do not recognize?"

Yes.  as long as this is a server that is a valid MX server for your domain.  You will see connections from everyone that is trying to send your organization email.

As Geoff states, it is possible that a persistent connection could potentially be the result of a virus.  It is also possible that a single sender is sending a "mass mailer" email to each one of your users...the servers would have to stay connected for a while to transfer these messages.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.