Worried about entries in exchange logs possible forgery or relaying?

This is my first exchange install so forgive any stupid questions. I was browsing through my exchange logs and cam across this entry and a number of others  that seem to be similar. This one worried me a little, it says the the recipient is a yahoo account that is suspened due to forgery. Is this something I should be worried about. and if it is, what can i do to fix it. Thanks so much guys

2007-11-28 11:56:21 124.147.39.208 OutboundConnectionResponse SMTPSVC1 SERVER2007 - 25 - - 220+mta157.mail.kcd.yahoo.co.jp+ESMTP+YSmtp+service+ready 0 0 57 0 609 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionCommand SMTPSVC1 SERVER2007 - 25 EHLO - server2007.mydomain 0 0 4 0 609 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionResponse SMTPSVC1 SERVER2007 - 25 - - 250-mta157.mail.kcd.yahoo.co.jp 0 0 31 0 797 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionCommand SMTPSVC1 SERVER2007 - 25 MAIL - FROM:<>+SIZE=7343 0 0 4 0 797 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionResponse SMTPSVC1 SERVER2007 - 25 - - 250+null+sender+<>+ok 0 0 21 0 1000 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionCommand SMTPSVC1 SERVER2007 - 25 RCPT - TO:<jywvt300gatz@yahoo.co.jp> 0 0 4 0 1000 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionResponse SMTPSVC1 SERVER2007 - 25 - - 553+VS10-RT+Possible+forgery+or+deactivated+due+to+abuse+(#5.1.1)+jywvt300gatz@yahoo.co.jp 0 0 90 0 1203 SMTP - - - -
2007-11-28 11:56:21 124.147.39.208 OutboundConnectionCommand SMTPSVC1 SERVER2007 - 25 RSET - - 0 0 4 0 1203 SMTP - - - -
2007-11-28 11:56:22 124.147.39.208 OutboundConnectionResponse SMTPSVC1 SERVER2007 - 25 - - 250+reset+ok 0 0 12 0 1703 SMTP - - - -
2007-11-28 11:56:22 124.147.39.208 OutboundConnectionCommand SMTPSVC1 SERVER2007 - 25 QUIT - - 0 0 4 0 1703 SMTP - - - -
2007-11-28 11:56:22 124.147.39.208 OutboundConnectionResponse SMTPSVC1 SERVER2007 - 25 - - 221+mta157.mail.kcd.yahoo.co.jp 0 0 31 0 1906 SMTP - - - -
andrewm123Asked:
Who is Participating?
 
SembeeConnect With a Mentor Commented:
If the messages are postmaster@ then they could be OOTO messages as I have already outlined. Most spam is spoofed so anything that does auto replies will fail to send correctly. 15 messages is not really a high number. If the server was being abused I would expect it to be 15,000 messages.

Simon.
0
 
SembeeCommented:
It could be simply your server sending out an Out of the Office message to a spam email.
If your server is being abused you can usually tell as there will be a lot of messages stuck in the queues.

Simon.
0
 
andrewm123Author Commented:
I just looked at the ques and there are about 15 messages stuck. however they are all from the postmaster account, are those non-deliverable messages trying to be sent to spam address?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
andrewm123Author Commented:
so should i clear them or let them time out on there own?
0
 
andrewm123Author Commented:
oops, i meant to add that comment here.
sorry
so i guess i should just let them time out on there owm.
0
 
SembeeCommented:
If there aren't many of them, then let them timeout. Or you could delete them manually.

Simon.
0
 
andrewm123Author Commented:
thanks for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.