Open relay? Unauthorized outbound mail stuck in queues.
Posted on 2007-03-20
When I checked the outbound queues on our Exchange 6.5, there were 1500 outbound queues to various mail servers... aaa.com, aaaa.com, aaaaa.com, etc. The emails were definitely not created by our organization, but list <community care> as the sendee. The queues are all in "retry" states, and have been for several hours. The protocols are all SMTP and the source is the Default SMTP virtual server.
Checking the settings on our Default SMTP Virtual Server in Exchange, the relay restrictions list access only to our internal subnet ranges and "all computers which successfully authenticate". We also have an IIS server with an SMTP virtual server as well, and it has the same settings. The only change we've made recently is to open the SMTP server on the IIS to accept internal mail, i.e., from 192.168.25.x.
---- update ----
We're now having emails refused, so it looks like we've been placed on a blacklist at spamcop.net. The associated message on spamcop's site says, "DNS error: xx.xx.xx.xx is cdm-xx-xx-xx-xx.pars.cox-internet.com. but cdm-xx-xx-xx-xx.pars.cox-internet.com. has no DNS information" ... Is this related, and how do I resolve this?