We help IT Professionals succeed at work.

This is an SMTP protocol warning log for virtual server ID 1, connection #15

Medium Priority
Last Modified: 2013-11-30

I am getting the following error in my Event Viewer:

This is an SMTP protocol warning log for virtual server ID 1, connection #15. The remote host "", responded to the SMTP command "mail" with "453 #4.1.8 Domain of sender address <jramos@ranido.com> does not exist  ". The full command sent was "MAIL FROM:<jramos@ranido.com> SIZE=5668  ".  This may cause the connection to fail.

I picked this up when I received an email from my ISP saying that my mail server was sending excessive spam. I enabled logging on SMTP and received the above error message. It continually occurs at random intervals - at least once every 10 minutes or so. I believe it is spam as I do not recognize the Mail From address. I have blocked the domain in ISA using the SMTP filter but I still get the message showing up in event viewer.

SMTP relay is disabled on my server.

Please advise me as to what should be my next step in:

1- making sure my server isnt being used to send spam
2- stopping the error from showing up in my event viewer

Gavin McMillan
Watch Question

IT guy
What you are facing is spammers using spoofing against your server.
Let say I am a spammer from spammer@baddomain.com, I send an email to devil@yourdomain.com with the sender address as me@mydomain.com (a valid address).  Your server received the message and check your AD but no one with "devil" email address.  It then sends the message back to the sender saying the "devil" does not exist (NDR - non-delivery report); so, in effect, the spammer send a message to me@mydomain.com via your server's NDR mechanism.

The errors you see are just those messages bounced back from the other servers - wrong addresses.

One thing you can do to stop this right now is to disable NDR on Exchange, see this KB

Then, you may want to implement IMF.  However, the long term solution is to enlist a 3rd party spam filtering like Postini (save your bandwidth by receiving only good filtered messages) or something like a Barracuda box.


Hi tgran

Thanks for your comment, I will disable NDR and see how that all goes. I added the domain to the blocked list in ISA SMTP Filter and havent had any issues at this point, will keep an eye on it though.

Also curious, at present I have Trend Micro Client Server Messaging suite for SMB as my antivirus/spam etc solution, it hasnt seemed to have picked this up, would you consider that a hardware solution may be better than Software?

I will award you the points as you have explained what the issue was and how to fix it!

Gavin McMillan


Hi, thanks again for the answer, figured id leave feadback!

Was really happy with the structure of your answer... addressed the question, explained it clearly and gave a good solution.

TG TranIT guy

Trend CSM filters spam that directs to valid users.  What you would need is something that can filter the recipient on the message against a list of internal email addresses.
Good luck!

Explore More ContentExplore courses, solutions, and other research materials related to this topic.