We have a remote server is using Exchange 2003. From what I can see the server is NOT an open relay. I have checked the settings and have run the telnet test to try to relay and no go.
I am suspecting that a client on the domain may be relaying mail through the server thereby getting around the open relay settings on the server. Not sure at this point whether it's from the outside or insdie.
I reviewed the following article to setup diagnostic logging to try and help me determine if and who the culprit is. I am not getting anything definitive.
The server is flooded with NDR events as well as Event ID 7004.
Also the queue is filling up.
Any thoughts on this would be great. Any tools or other tests I can use to determine the happenings here?