Our clients are receiving a number of NDR's for ficticious names BUT the correct domain names.
Below is an example of the error from the daily performance report.
Source Event ID Last Occurrence Total Occurrences
MSExchangeTransport 7010 22/11/2006 04:14 35 *
This is an SMTP protocol log for virtual server ID 1, connection #106. The client at "220.127.116.11" sent a "helo" command, and the SMTP server responded with "501 5.5.4 Invalid Address ". The full command sent was "helo |http://mail.oldartero.com:8889/cgi-bin/put
". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp
We did setup some monitoring on this server because we thought they were an open relay - but can remember where we set-up the monitoring or even if these NDR's are a result of that monitoring.
Either way, are these NDR's normal - is there a problem and can it be fixed????