Someone or something is attempting to use our exchange server to send out spam... after turning on logging it is showing a stack of Event:7002 failures in the Application event log.
"This is an SMTP protocol warning log for virtual server ID 1, connection #25. The remote host "18.104.22.168", responded to the SMTP command "rcpt" with "450 4.1.1 <email@example.com>: Recipient address rejected: User unknown in local recipient table ". The full command sent was "RCPT TO:<firstname.lastname@example.org> ". This may cause the connection to fail.
Ran virus check all clear."
I now others in EE have had this but the results seem to be not what I am after.
I have checked we are not an open relay. via Network Abuse Clearing House and also run various options via the following link -
What can I do to stop this from happening? As there is a stack of entries in the smtp que
thanks in advance.