I have an Exchange 2003 server system which has been working fine but recently we get lots of spams taking advantage of our server just like an open relay.
- I've tested open relay from public but it is not an open relay.
- It only happened at certain hours (usually from midnight till 9am)
We have an AD/ISA server up front, and then an Exchange server inside. IPs as followed
- AD/ISA: 192.168.1.100 (external), 220.127.116.11 (internal)
- Exchange: 18.104.22.168
ISA is publishing all the necessary rules from Exchange server.
The "Default SMTP Virtual Server" from Exchange is "Allowing All computers which sucessfully authenticate to relay".
Right now the spams come in too often and it is taking all the smarthost quota that we have.
In Application Logs, I typically get this message:
This is an SMTP protocol warning log for virtual server ID 1, connection #908. The remote host "22.214.171.124", responded to the SMTP command "mail" with "451 Daily Message Quota Exceeded ". The full command sent was "MAIL FROM:<firstname.lastname@example.org> SIZE=2318 ". This may cause the connection to fail.
How do I know where this came from and how to stop it ? Thank you