Win Server 2003 Smtp Service under attack
Hey,

I have an SMTP service on a production Windows Server 2003 box that is under attack. I tried to post under Windows Server Security and they said to post here even though it's the generic SMTP service, not Exchange. In the event log I'm getting a lot of messages like this:

Event Type: Warning
Event Source: smtpsvc
Description: Message delivery to the remote domain 'fabietto' failed for the following reason: Destination server does not exist.

The domains that it shows aren't of users in my database, so I knew that emails should not be sending to these domains, hence my thinking that someone had compromised the SMTP service and it was being used to relay spam messages to the masses. In the SMTP current sessions, there were IP addresses from China and Indonesia.

However, I locked down everything (I think) in the Relay options, listing no IP addresses as allowed to relay and also unchecking allow relay if authenticated. The messages were still going out. So I looked at some of them and they all had the from address as bogus usernames @ my domain. So basically my SMTP server is picking up these messages and then sending them back to the sender saying it's a bogus email or something? I don't know, I don't fully understand what's going on.

The server is really slow because they keep sending all these bogus emails to it. Is there something I can do to lock them out? The requirements of the SMTP service are just that it needs to be able to pick up incoming mail to legitimate users and drop it in their POP mailboxes. It doesn't even need to send out mail (it'd be nice to have this, but I can use a different 3rd party SMTP server for that so that I don't risk sending out spam). It seems like you should be able to say, only pick up mail that is sent to these legitimate users on this box, don't pick up mail that has the from address as my domain...

Is there something I'm missing that I should be locking down here?

Thanks,
Justin
June 10th, 2009 7:19pm

Hi Justin,

Please let us know what's the from field of these mails? Are these mails non-delivery reports?

Please check the following settings:

IIS | SMTP virtual server | Access tab | Access control | make sure only anonymous access is checked, as you don't use it to send mail.

If they are from certain IPs from China and Indonesia, you can block these IPs in the connection control window of the Access tab.

Related articles:

HOW TO: Set SMTP Security Options in Windows Server 2003
http://support.microsoft.com/default.aspx/kb/324285

XCON: How to Set Up Windows 2000 as a SMTP Relay Server or Smart Host
http://support.microsoft.com/kb/293800

Thanks,
Elvis
June 12th, 2009 6:29am
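
An added example, not part of the thread or written by either poster: a small triage script that tallies the smtpsvc delivery-failure warnings quoted in the question by remote domain and lists the domains the server has no known reason to mail. It assumes the event descriptions were exported to text, one per line; the known-domain list and every sample line except the 'fabietto' message are constructed.

```python
import re
from collections import Counter

# Constructed sample of exported smtpsvc warning descriptions. Only the
# wording of the 'fabietto' line comes from the thread; the other domains
# are made up for the example.
SAMPLE_EVENTS = """\
Message delivery to the remote domain 'fabietto' failed for the following reason: Destination server does not exist.
Message delivery to the remote domain 'example.net' failed for the following reason: Destination server does not exist.
Message delivery to the remote domain 'Fabietto' failed for the following reason: Destination server does not exist.
Message delivery to the remote domain 'partner.example' failed for the following reason: Destination server does not exist.
"""

# Matches the description text shown in the question and captures the domain.
EVENT_RE = re.compile(r"Message delivery to the remote domain '([^']+)' failed")

def failed_domains(text):
    """Count delivery failures per remote domain (case-insensitive)."""
    counts = Counter()
    for line in text.splitlines():
        match = EVENT_RE.search(line)
        if match:
            counts[match.group(1).lower()] += 1
    return counts

def unexpected_domains(counts, known_domains):
    """Return (domain, count) pairs outside known_domains, most frequent first."""
    known = {d.lower() for d in known_domains}
    hits = [(d, n) for d, n in counts.items() if d not in known]
    return sorted(hits, key=lambda pair: (-pair[1], pair[0]))

if __name__ == "__main__":
    # known_domains is an assumption: domains this server legitimately mails.
    counts = failed_domains(SAMPLE_EVENTS)
    for domain, n in unexpected_domains(counts, {"partner.example"}):
        note = "  (single-label name)" if "." not in domain else ""
        print(f"{n:4d}  {domain}{note}")
```

A long list of unexpected domains, each with only a few failures, matches the pattern described in the question: the server is trying to deliver mail to addresses that none of its real users wrote to.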
