I've had a hell of a past 24hours trying to figure out what is going on.
My exchange server has been working beautifully for the past 4-5 years.
I THOUGHT everything was locked down nicely until yesterday, when i see the queue with 19,000 emails...
my server is not an open relay.they're getting in someother way.
and what i see is that under the current sessions in the smtp connector, there are (for the first time) users with static ip's. i blocked them in the connection propertires by selecting "all except the below" and i put in the static ip's of the attackers. and that worked for, 30-60 min, and then, there's a new set of ip.. but always its the same ip listed about 10 times.
Im at a loss. ive followed various steps ive found in microsoft KB, but nothing seems to help.