We're using MessageLabs to scan all our incoming email (on an SBS2k3 server) for spam and viruses, which works via redirecting the MX record to them and then allowing their IPs to send mail in via filtering on the router. A block filter has been set on incoming traffic to their IP and Allow rules allowing the MessageLabs IPs to send through to the mail server on port 25. There are no SMTP connectors or POP connectors set up.
My issue is that I'm still receiving spam, as it seems to be coming directly to the mail server and not via the MX record / MessageLabs. A lot of spam is being filtered by MessageLabs but some is still getting in somehow.
Sample header from a spam email (<MYDOMAIN>, <MY IP> and <INTERNAL EMAIL ADDY> are valid details for inside the network):
Microsoft Mail Internet Headers Version 2.0
Received: from 125-229-210-44.dynamic.hinet.net ([220.127.116.11]) by <MY DOMAIN> with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 10 Oct 2007 13:57:59 +1000
Received: from [18.104.22.168] by no.com; Wed, 10 Oct 2007 03:57:58 +0000
From: "daren chance" <firstname.lastname@example.org>
To: <INTERNAL EMAIL ADDY>
Subject: Ciao, baby! :) Lenard Burnette.
Date: Wed, 10 Oct 2007 02:10:35 +0000
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-OriginalArrivalTime: 10 Oct 2007 03:57:59.0632 (UTC) FILETIME=[BF806D00:01C80AF
I've read http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21055840.html
as I did originally get this message as well, and have enabled recipient filtering which seems to have stopped the queues going ballistic. I'm also about to enable 'Reset password on next logon' on all user accounts.
I'm kinda confused as to how the mail is still getting in - can anyone offer any advice or pointers?
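
One way to confirm from headers whether a message reached the server without passing through the filtering service, as an added example that is not part of the original post: it reads the topmost Received header (the one the receiving server itself wrote) and checks the connecting IP against an allowlist. The relay ranges are constructed placeholders, not MessageLabs addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 documentation nets), NOT MessageLabs
# addresses: substitute the ranges your filtering provider publishes.
ALLOWED_RELAYS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Connecting-client address as SMTPSVC records it: "from host ([ip]) by ..."
RECEIVED_IP = re.compile(r"^Received:\s+from\s+\S+\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s", re.I)

# Topmost headers from the post above (addresses as they appear there).
SAMPLE_DIRECT = (
    "Received: from 125-229-210-44.dynamic.hinet.net ([220.127.116.11]) by <MY DOMAIN>"
    " with Microsoft SMTPSVC(6.0.3790.1830);\n"
    "\t Wed, 10 Oct 2007 13:57:59 +1000\n"
    "Received: from [18.104.22.168] by no.com; Wed, 10 Oct 2007 03:57:58 +0000\n"
)
# Constructed sample: a message handed over by an allowed relay, header folded.
SAMPLE_VIA_RELAY = (
    "Received: from relay1.filter.example ([192.0.2.25])\n"
    "\t by mail.example.org with Microsoft SMTPSVC(6.0.3790.1830);\n"
    "\t Wed, 10 Oct 2007 14:00:00 +1000\n"
)

def unfold(raw):
    """Join folded header lines (continuation lines start with whitespace)."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.rstrip())
    return headers

def delivering_ip(raw):
    """IP that connected to our server. Only the topmost Received header is
    written by our own server; the ones below it are supplied by the sender."""
    top = next((h for h in unfold(raw) if h.lower().startswith("received:")), "")
    m = RECEIVED_IP.match(top)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def bypassed_filter(raw):
    """True when the handing-over host is outside the allowed ranges. A header
    that cannot be parsed is also flagged so it gets looked at."""
    ip = delivering_ip(raw)
    return ip is None or not any(ip in net for net in ALLOWED_RELAYS)
```

Run over a folder of exported spam headers, this separates messages the filtering service missed from messages that never went through it, which points at the router rules rather than the filter.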