email bouncing back

Hi it seems like our email has been hijacked or something when we send emails out they bounce back with the following msg - the IP address has nothing to do with us and we are sending very few emails out each hr may be 1 or 2.

Any advice on what we can do. We use sbs2003 exchange 5.5 under domain

Thank you

error 1:
Your message did not reach some or all of the intended recipients.
      Subject:    Tablet app now updated with L3 qualifications
      Sent: 03/11/2014 09:27
The following recipient(s) cannot be reached: on 03/11/2014 09:28
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            < #5.5.0 smtp;550 RATE LIMIT: Too many messages sent in the last 1h from>

error 2:
Your message did not reach some or all of the intended recipients.
      Subject:    RE: Need to attend an event on 7th November for 1 hr
      Sent: 31/10/2014 14:25
The following recipient(s) cannot be reached: on 01/11/2014 07:04
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < #5.0.0 smtp; 5.3.0 - Other mail system problem 550-'5.7.1 Message rejected as spam by Content Filtering.' (delivery attempts: 0)>

can you please look into this as a matter of urgency.

Thank you,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

According to MX toolbox that IP address is set up as both your Mail Exchangers...

Is this an IP that you own or do you send mail out via an external service (e.g. mimecast)?

Trying to remember back t my Exchange 5.5 days but if you can post the configuration of your send connectors?
David AtkinTechnical DirectorCommented:

According to an MX lookup it looks like is your mail server.

Pref      Hostname      IP Address      TTL      
10      24 hrs      Blacklist Check      SMTP Test
20      24 hrs      Blacklist Check      SMTP Test

I would start by checking your tracking logs and seeing how many messages you're actually sending.  One of your machines could have a virus.

Are you using as a smarthost for your mail?
I notice that both mails were sent to the same person. If you look at the blacklist:
Your IP doesn't show up anywhere. *IF* you were hijacked and sending out spam mails you would appear on - at least - some entries on that list in no time. Did you consider a configuration error at the recipient? Try sending a mail to a different domain.
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

censuraAuthor Commented:
We have tried sending to a variety of addresses hotmail accounts, email hosted accounts and get the same bounce back error on every email we send out irrespective of who it is going to.

The accounts have been set up for a number of years and we have not had a problem before not since last Friday. We have made no changes to the server or exchange or our internet provider or router, nothing

thank you
Okay, that is some new info - are all error message the same? How is the Exchange server sending out mails? Via a smarthost or DNS?
If I telnet on port 25 to that IP address i get the following response. I also checked and you don't have relaying enabled which is good...

220 Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Mon, 3 Nov 2014 12:29:17 +0000

500 5.3.3 Unrecognized command
250 Hello []

250 2.1.0 OK
550 5.7.1 Unable to relay for

So i assume that is your Exchange server rather than an external service although it looks like Exchange 2000 rather than 5.5 as you stated in the first post.

Need to understand how your exchange environment is sending out mail. e.g. direct or via another service.
Also enable tracking, leave it a while and post your tracking logs so we can investigate more.

My initial thoughts are that your server has been breached and is being used to send spam emails out.
David AtkinTechnical DirectorCommented:
It sounds like it could possibly be an issue with your smarthost. Switch to sending via DNS for a short period.  If this resolved the problem get in touch with cpwnetworks and let them know of the error - If you're using them as the smart host that is.

Also 6.0.3790.1830 indicates that you don't have Exchange SP2 installed on your SBS.
censuraAuthor Commented:
Hi thanks for your help, i don't know of cpwnetworks our email is delivered as i am aware via dns directly with no other third party involved . I am sure we have exchange service pack2 installed as we required it for activesync which we set up on the server
can you confirm that DNS is properly working on the server? Is it possible that for some reason the server points to itself, creating a mail loop?
David AtkinTechnical DirectorCommented:
Have you checked your tracking logs yet?

Also, is it doing this with all emails or just ones to that client?
censuraAuthor Commented:
I will check logs today, it happens with all out going emails

Thank you
David AtkinTechnical DirectorCommented:
In that case, if you're sending via DNS at the moment see if your ISP has a smarthost that you can use.

If they do, change to this as a test.

Let us know what the logs say.
censuraAuthor Commented:
i have just set up tracking log here is it although only a few emails on it sent so far will send complete days worth later at the end of the day

thank you
censuraAuthor Commented:
After looking it is not doing it with all emails although it looks a bit random ie no common account we are sending too our staff, partners and learners  who use various email accounts gmail, hotmail, yahoo, exchange etc

thank you
censuraAuthor Commented:
How do i check that dns is not looping back by the way . Thanks
censuraAuthor Commented:
Also installed sp2 now
censuraAuthor Commented:
exchange - 6.5.7638.1 now
censuraAuthor Commented:
here is a larger log
David AtkinTechnical DirectorCommented:
Are you with Talk Talk?

If so, raise it with them.  It could be that their SMTP server is blacklisted ( and not allowing you to relay.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
censuraAuthor Commented:
thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.