<div>
Here is a screen shot, I keep seeing random connections.<br />
<a href="https://filedb.experts-exchange.com/incoming/2009/02_w07/106011/forged-mail-headers.bmp" target="_blank" class="file-inline" title="exchange queue (3.7 MB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>forged-mail-headers.bmp</a>
</div>


Here is a screen shot, I keep seeing random connections.
forged-mail-headers.bmp [https://filedb.experts-exchange.com/incoming/2009/02_w07/106011/forged-mail-headers.bmp]

forged-mail-headers.bmp

<div>
The messages have already left the org, as the queues are empty, it just takes ESM a little while to clean up the empty queue listings. <br />
Are you using a smart host, perhaps to send email out through the appliance?<br />
<br />
When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?<br />
<br />
-M
</div>


The messages have already left the org, as the queues are empty, it just takes ESM a little while to clean up the empty queue listings.
Are you using a smart host, perhaps to send email out through the appliance?

When you looked at the traffic, while it was from a user, where did it originate? Do you have authenticated relaying enabled on the server? Can Exchange be seen from the internet on port 25?

-M

<div>
Ho can I test this out?I do not want any relaying at all.
</div>


Ho can I test this out?I do not want any relaying at all.

<div>
<div class="content wysiwyg-content">
This past week I ahve ntoiced all sorts of strange packet data on Wireshark.<br />
I have been snooping on out mailserver and in the queue I noticed several fictious domains and all the mail being sent to these domains was from a user on our network to a recipient fuzbudgt@bmi.net<br />
<br />
I have deleted all the mail in the queue from our internal user to this fictious user, the queue has cleared.<br />
There are lots of random IT related sites and showing as making conenctiosn to our server.<br />
<br />
How can I test the security of the Mailserver. Our Exchange 2003 server sits behind a Barracuda.<br />
I do not ahve the server set up to relay.
</div>
</div>


This past week I ahve ntoiced all sorts of strange packet data on Wireshark.
I have been snooping on out mailserver and in the queue I noticed several fictious domains and all the mail being sent to these domains was from a user on our network to a recipient fuzbudgt@bmi.net

I have deleted all the mail in the queue from our internal user to this fictious user, the queue has cleared.
There are lots of random IT related sites and showing as making conenctiosn to our server.

How can I test the security of the Mailserver. Our Exchange 2003 server sits behind a Barracuda.
I do not ahve the server set up to relay.

Fictious mail domains in Exchange queue

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.