locked
550 5.7.1 Unable to relay for [probably bogus Email address] RRS feed

  • Question

  • Hello,

    My Exchange Server has been reporting numerous instances of the following message (or very similar messages) most days for a couple of weeks or so now:

    This is an SMTP protocol log for virtual server ID 1, connection #3. The client at "118.161.64.59" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for sanjinn232@yahoo.com.tw ". The full command sent was "rcpt TO: <sanjinn232@yahoo.com.tw>". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect .asp

    The Email address is unknown, and probably bogus.

    What really concerns me is that the messages from yesterday (Sunday!) contained a now defunct Email account from someone who used to work in our London head office, but left about a couple of years ago. To me, this implies that there has been unauthorised access to the company IT infrastructure - possibly at both sites - and that someone is trying to get our Exchange Server to relay unsolicited / mailicious Emails. The above message suggests that the attempted relaying has not been successful to date, and I can't find anything out of the ordinary in the SMTP queues or the Exchange logs - but the persistence does concern me.

    So, am I reading this correctly? If so, what can I do about it? Or if not, what does it really mean?

    Thankyou very much for your help.

    Kind regards,

    Keith

    Monday, March 10, 2014 9:59 AM

Answers

  • If your Exchange server is accessible from the Internet, as it would be to allow you to receive SMTP mail unless you have a relay server like an Exchange Edge server, then Spammers will attempt to use it to relay.  Your server is correctly rejecting that, so I don't see a problem.  If you're worried about this, then you could contract with a third-party cloud-based message hygiene service like Exchange Online Protection, and the restrict the IP address that can talk to your Exchange server to those of the hygiene service.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, March 10, 2014 4:14 PM