This is an SMTP protocol warning log for virtual server ID 1, connection #15


I am getting the following error in my Event Viewer:

This is an SMTP protocol warning log for virtual server ID 1, connection #15. The remote host "", responded to the SMTP command "mail" with "453 #4.1.8 Domain of sender address <> does not exist  ". The full command sent was "MAIL FROM:<> SIZE=5668  ".  This may cause the connection to fail.

I picked this up when I received an email from my ISP saying that my mail server was sending excessive spam. I enabled logging on SMTP and received the above error message. It continually occurs at random intervals - at least once every 10 minutes or so. I believe it is spam as I do not recognize the Mail From address. I have blocked the domain in ISA using the SMTP filter but I still get the message showing up in event viewer.

SMTP relay is disabled on my server.

Please advise me as to what should be my next step in:

1- making sure my server isnt being used to send spam
2- stopping the error from showing up in my event viewer

Gavin McMillan
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TG TranIT guyCommented:
What you are facing is spammers using spoofing against your server.
Let say I am a spammer from, I send an email to with the sender address as (a valid address).  Your server received the message and check your AD but no one with "devil" email address.  It then sends the message back to the sender saying the "devil" does not exist (NDR - non-delivery report); so, in effect, the spammer send a message to via your server's NDR mechanism.

The errors you see are just those messages bounced back from the other servers - wrong addresses.

One thing you can do to stop this right now is to disable NDR on Exchange, see this KB

Then, you may want to implement IMF.  However, the long term solution is to enlist a 3rd party spam filtering like Postini (save your bandwidth by receiving only good filtered messages) or something like a Barracuda box.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gavinandrewmcmillanAuthor Commented:
Hi tgran

Thanks for your comment, I will disable NDR and see how that all goes. I added the domain to the blocked list in ISA SMTP Filter and havent had any issues at this point, will keep an eye on it though.

Also curious, at present I have Trend Micro Client Server Messaging suite for SMB as my antivirus/spam etc solution, it hasnt seemed to have picked this up, would you consider that a hardware solution may be better than Software?

I will award you the points as you have explained what the issue was and how to fix it!

Gavin McMillan
gavinandrewmcmillanAuthor Commented:
Hi, thanks again for the answer, figured id leave feadback!

Was really happy with the structure of your answer... addressed the question, explained it clearly and gave a good solution.

TG TranIT guyCommented:
Trend CSM filters spam that directs to valid users.  What you would need is something that can filter the recipient on the message against a list of internal email addresses.
Good luck!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.