Exchange 5.5 possible email relay
Posted on 2006-07-04
We are running exchange 5.5 and over the last few weeks I have received a number of administrator outbound mail failures (administratot received all failure messages) here is a sample of the failure:
A mail message was not sent due to a protocol error.
554 delivery error: dd This user doesn't have a yahoo.com.tw account (email@example.com) [-5] - mta186.mail.tpe.yahoo.com The message that caused this notification was:
To: <firstname.lastname@example.org>; <email@example.com>; <firstname.lastname@example.org>; <email@example.com>; <firstname.lastname@example.org>; <email@example.com>
From: <C277I397z@My Mail Server Ip>
I quickly realized that my server was sending mail out at a significant rate as I was receiving about 1000 outbound failures a day. I have tested for open relay at abuse.net and we pass. Currently we have all incoming mail send to a spam firewall which forwards mail to the exchange server, so I have it setup to only recieve mail from that one IP address. I ran a virus scan and spyware scan but no luck. Any other places I can look?