We are running Exchange 2007, McAfee Hosted SPAM filter service, SonicWall. What we are experiencing closely resembles a DOS attack. I really need help figuring out how to prevent it from occurring again. A client sends an e-mail to us that gets caught in a loop of retrying (every two minutes) and somehow utilizes our entire bandwidth, bringing Internet usage to a screeching halt. I might add that this is gradual. It begins to slow down the Internet and eventually it is almost impossible to access a site. Viewing the bandwidth usage reports I can see the gradual climb until it maxes out and stays there. This happened a few months ago and again yesterday. These are two different clients totally unrelated sending to two different recipients at our domain. In both situations the client had previously sent e-mail to us successfully. We have size restrictions in place and it appears that in both cases the e-mails had attachments well below the limit. We have a hosted SPAM filter service (McAfee) and I used their control panel to see that one recipient was receiving over 440MB of incoming data. I called McAfee and they were able to tell me the e-mail address sending to this recipient and that the server was retrying to send every two minutes. The only way I know to stop it is to add the e-mail address to the deny sender list. It's obviously not good that we have to block a client, especially when they need to send us information. I need to know what is causing this to happen and how to prevent it in the future. I need a policy that will refuse more than five retries or something similar. Thank you in advance for your help!