I've been battling this worm for the past week or so.. The threat has been removed, but the repercussion sucks. :/
Just as a background of what's going on:
1. I set up a firewall rule to block all port 25 traffic except from the Exchange server
2. I noticed there were a handful of domains queued and failed due to poor rating
3. I contacted the ISP and configured the smarthost on my default send connector and that seems to have resolved the delayed issues (yay!)
Now, my concern is.. I would like to keep our Exchange on DNS as much as possible in order to have more control over the mails sent. Now, originally there were only about 8-10 domains that were giving issues in the past 48 hours.
I did some reading and asking, and found out I am able to set up another send connector and add only the specific domains that are giving issues to send through the smarthost.. I wanted to post this to verify I am doing this correctly, as this would be my first time implementing this configuration.
## Smarthost configuration for domain specific ##
1. Name : Smarthost for specific domains
Intended use for this connector : Internet
2. Address Space:
-*aol.com | cost 1
-*firstma.com | cost 1
3. Route mail through the following smart host:
4. Authentication : None
5. Source Server : my exchange server
## end ##
-Please let me know if this is the proper setup?
-Do I need to add the asterisk before the domain names in the address space, or could I have just added aol.com | cost 1?
-Do I need to edit my DEFAULT DNS send connector and change the cost on the address space for "*" to 5?
-By doing this, I am verifying that every email sent to a user at aol.com or firstma.com will be routed through the smarthost, and all other emails not listed in the address space will be routed through the DNS, correct?
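
The connector described in the post, written as Exchange Management Shell commands so the resulting routing can be checked from the shell. This is an added example, not part of the original post. The smart host name and server name are placeholders (the post does not give them), and the address spaces use the `*.domain` wildcard form that Exchange accepts rather than `*domain`.

```powershell
# Added example: assumes Exchange Management Shell on the Exchange server.
# Placeholders (not from the post): smarthost.example.net, EXCH01.
$smartHost    = 'smarthost.example.net'   # placeholder for the ISP relay
$sourceServer = 'EXCH01'                  # placeholder for "my exchange server"

# Domain-scoped connector: only these address spaces go to the smart host.
# "*.aol.com" covers aol.com and its subdomains; the ";1" suffix is the cost.
New-SendConnector -Name 'Smarthost for specific domains' `
    -Usage Internet `
    -AddressSpaces 'SMTP:*.aol.com;1', 'SMTP:*.firstma.com;1' `
    -DNSRoutingEnabled $false `
    -SmartHosts $smartHost `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $sourceServer

# Review every send connector side by side: the default connector should
# still carry the "*" address space with DNS routing enabled.
Get-SendConnector |
    Format-Table Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, Enabled -AutoSize

# After sending test messages, confirm which path each destination took.
# Queues for the listed domains should show SmartHostConnectorDelivery,
# everything else DnsConnectorDelivery.
Get-Queue |
    Format-Table Identity, DeliveryType, NextHopDomain, MessageCount, Status -AutoSize
```

With the firewall rule from step 1 in place, both delivery paths still leave only from the Exchange server, so the port 25 block on the other hosts stays in effect.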