I found the following article that deals with a similar issue that I'm seeing, but I'm still wondering if someone is somehow able to send out spam through our MSExchange 2010 Server.
The reference says, "the default behavior for Exchange is to accept inbound mail completely and then checks the recipients. If there is no recipient on Exchange, an NDR will be sent back to the sender which in many cases of spam is faked or originated from all over the Internet. This is what I suspect happens to your server."
Also, I've suspended some of the connectors and then noticed that the messages don't get delivered; for example, I sent a message from my Gmail account and I noticed that the Gmail DnsConnectorDelivery popped up, so I suspended it to see what would happen. When suspended the messages from the Gmail domain don't get delivered until I resume the DnsConnectorDelivery (btw, the connectors that I suspect are Spam I have suspended and are setting in a suspended state now). FYI, we are running the Anti-Spam features and in Recipient Filtering we have selected, "Block messages sent to recipients that do not exist in the Directory."
Other factors are that our Default Receive Connector's Network Settings are set to the following:
Use These local IP Addresses To Receive Email:
(All Available IPv6) Port 25
(All Available IPv4) Port 25
Receive Mail From Remote Servers That Have These IP Addresses:
Start Address ::
End Address ffff:ffff:ffff:ffff:ffff:f
Start Address 0.0.0.0
End Address 255.255.255.255
And under Permissions all check boxes are selected.
Can I limit the addresses or permissions without breaking what's working? I'm not sure of the changes that need to happen if any.