I've searched the internet high and low, as well as experts-exchange, and I can't find a solution to this. When I set our Exchange box up last year, I enabled Recipient Filtering and Tarpitting; however, since some time this morning I have been receiving mass amounts of NDRs for postmaster from postmaster regarding e-mails that cannot be sent - from email@example.com. I have scoured our server for viruses, malware and root-kits and found nothing. I do not want to just disable NDRs as they are needed for legitimate responses for failed deliveries. I have checked the SMTP queues and found a couple of e-mails from postmaster that are in queue for outbound delivery. I have also checked the SMTP logs of the SMTP virtual server but there is nothing there that makes any sense to me other than IP addresses destined to or from our firewall in addition to our journal server.
Any ideas how to stop this NDR/SPAM attack?