I have a small business server 2003 running exchange 2003. Recently the server is sending out lots of NDRs to .co.uk domains (which we do not have contact with).
The subject of all the emails is "One Unread Message" sent to noreply@allianceleicester.
I thought my server might be under an NDR attack, so I followed steps to turn off NDR notices, enable recipient filtering, and DENY access from the IP address known to be sending these out:
However after restarting the SMTP server service (as well as GFI service) my mail queue is still being filled with NDR messages and the NDRs are still being sent out, one every 10 seconds. I have Tarpitting set to a 10 second delay so maybe that has something to do with it.
Any insight would be helpful. It could be that I have a virus, but no information appears in google when I try the subject or email address mentioned above. Could one of my SBS clients (25) have a virus and be causing this?