Have a customer with an Exchange 2010 environment.. Starting last week they started receiving NDRs when trying to send emails to multiple domains.. It's not limited to a certain domain and it's not limited to a certain user..
According to the IT contact these are domains they email on a daily basis and have never had any issues..
They aren't on any blacklists and their server is clean (virus scan).. Their server is not an open relay.. Not using smart host..
I have tested to a domain bouncing them by sending a test email with no signature etc and I immediately get the bounce..
In the queue viewer there were emails that had a from address of <> that definitely looked like spam (subject line).. Is there any way I can track these down?
Email in queue viewer:
Subject: Automatic reply: Your Complimentary Credit Scores Are Waiting For You
Internet Message ID: <c442983d72b840ea9e50847ea0b7db72@SERVER.DOMAIN.LOCAL>
From Address: <>
Size (KB): 4
Message Source Name: FromLocal
Source IP: 255.255.255.255
Date Received: 6/10/2013 12:18:25 PM
Expiration Time: 6/12/2013 12:18:25 PM
Queue ID: SERVER\73247
spam04.embarq.synacor.com rejected your message to the following e-mail addresses:
spam04.embarq.synacor.com gave this error:
[P4] Message blocked due to spam content in the message.
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
Diagnostic information for administrators:
Generating server: SERVER.DOMAIN.LOCAL
spam04.embarq.synacor.com #554 5.7.1 [P4] Message blocked due to spam content in the message. ##
Original message headers:
Received: from SERVER.DOMAIN.LOCAL ([::1]) by SERVER.DOMAIN.LOCAL ([::1]) with
mapi id 14.01.0355.002; Wed, 12 Jun 2013 08:44:36 -0400
From: TEST <TEST@ttttire.com>
To: "email@example.com" <firstname.lastname@example.org>
Date: Wed, 12 Jun 2013 12:44:35 +0000
Ideas on what do look at?