Mysterious e-mails from/to nobody appearing in Exchange server
I have an Exchange 5.5 question. Recently, we noticed a bunch of e-mails that came from nobody and went to nobody. The "from" and "to" fields were empty and were passing our Exchange server. Some of them carried viruses, so we talked to McAfee. The server runs Netshield 4.5 and Groupshield. After sending a few Telnet commands to our Exchange IP, McAfee said that we have an Exchange relaying issue that we must resolve. He said anybody can use our Exchange to route their messages. Also, we often noticed that in the Exchange console -> Internet Mail Service -> queues, there were a bunch of unknown e-mails awaiting delivery with no originator but a strange DNS name for destination. This seems to verify McAfee's conclusion. We do have a hardware firewall.
How can we solve this relay issue? Sorry for any misinterpretation in terminology, and thanks in advance for any your help.
Your use of terminology and understanding of the situation here is just fine. While you may have a hardware firewall, that won't help you close your open relay. To do that, you must configure the Exchange 5.5 Internet Mail Connector.
For details on how to do this, see Microsoft Knowledge Base Article 315687, XCON: How to Prevent Mail Relay in Exchange Server 5.5 SP1 or Later.
This was first published in July 2003