I have started receiving the following warning in the Application Event Log on my Exchange Server. I have done a fair amount of searching both here and on Google, but all the similar issues I find are with the "rcpt" command, whereas mine is with a "mail" command.
I am sure I am not having an NDR attack, as my queues are not full etc. I am pretty sure I am not an open relay, as I have relay turned off on the Exchange box and all tests at http://www.abuse.net/ are negative. I am also showing negative for blacklisting at http://www.mxtoolbox.com. I am also happy with my DNS setup and seem to have no issues with it found at http://www.dnsstuff.com.
I think that is everything you will need. The full message is below. It occurs very frequently, and the worrying thing is that the e-mail address listed is an actual existing mail address for a user on my domain, and the IP address listed under *possibly forged hostname for* is my actual router's IP. This also seems to be playing havoc with my internet speed. Hope you guys can help me sort this. Many thanks.
This is an SMTP protocol warning log for virtual server ID 1, connection #61. The remote host "188.8.131.52", responded to the SMTP command "mail" with "451 4.1.8 Possibly forged hostname for *my correct ip address*". The full command sent was "MAIL FROM:<myuser.myusersurname
com> ". This may cause the connection to fail.