Actually it sounds to me like you've done a pretty good job of setting up
the box and that you've rather effectively secured and stabilized it.
You're prob NOT being relayed off of - I had a similar suspicion after I
hardened my 5.5 server as hard as granite and I was VERY frustrated to
continually see these emails in the outgoing queue.
After much investigation I determined that in actuality I was not being
relayed off of in the traditional sense but rather that these emails were
the result of spam coming INTO my network (being sent to users inside my
company) and these spam mails were configured to automatically send
something BACK out to the net (to the originating domain or actually to a
totally diff email address) once they were opened by the user. this is more
concisely known as "Auto-reply to the internet" - an option you can disable
through the properties tabs in the IMC - and users can individually disable
this in their MAPI email client (outlook, etc).
I did this, but found that auto-replies were STILL being generated and relay
attempts were still managing to attempt to get fired back out from INSIDE my
VERY frustrating but as far as I know , not much you can do to stop this
sort of <unknown> from appearing in your outgoing IMC queue.
I hope this has helped -
> Hi...I'm not an Exchange admin by default, but I've inherited a 5.5 box
> that's driving me nuts with regards to the above-referenced subject. The
> box is Win2K (fully patched) and Exchange is patched to SP4. ISA server
> also running on this box -- patched to SP1.
> I've gone to great lengths to make sure it's not set up to relay, but it
> appears that something is amiss. I've read the various Q articles on the
> subject and made modifications to the config. where necessary, but I'm
> seeing a number of messages in this queue that are obviously UCE. So all
> can figure is that somehow, someway, this box is still being used to relay
> Can anybody give me some insight into what's going on? I'll be glad to
> provide additional info. if needed.