Exchange error logs flooding hard drive.

. We can send mail from an account, so SMTP is working, but like I said, no one has a mailbox yet.

In the Event Viewer I am bombarded with the follwing logs. The recipients are slightly different each time.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3030
Date: 1/5/2005
Time: 2:15:53 PM
User: N/A
Computer: MAINSERVER
Description:
A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;skinny@gigigaga.com (Message-ID <MAINSERVERox7nyeKzG00000215@company.org> .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d1 02 04 c0 Ñ..À

We also get lots of this similar one.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3008
Date: 1/5/2005
Time: 2:12:11 PM
User: N/A
Computer: MAINSERVER
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;luxwell@ethome.net.tw (Message-ID <MAINSERVERWStui3cJv00006609@company.org> .
Cause: This indicates a permanent failure. Possible causes : 1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail. 2)Domain Name Server (DNS) returned an authoritative host not found for the domain. 3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector, consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Are we being compromised in some way? Or is it nothing to worry about?

Also, in the Program Files\Exhchange\MDBDATA folder, it get's constantly filled up with E0000*.log files that are 5MB each. We get 80 of these in a couple of hours, which is costly, and I have to manually delete them every so often. IS this related. How can I stop it?

Thanks a lot for your help.

 

Is this exchange 2000 or 2003? The NDR 5.0 was recieved pre 2000 sp1 and after the patch was applied the NDR went away.

Check your SMTP connectors and routing groups, it sounds as if you may have a flaw in configuration.

I also assume you are behind a PIX or something similer?

 

Exchange 2003. And I'm pretty sure the SMTP settings are correct.

PIX?

 

PIX = Sisco firewall or something similer.

Ok E0000*.log files are transaction logs, I dont know what you are doing (home, company etc.) but you should let your backup purge these went it is done. If you are getting flooded with these without any mail be sent or recieved then I am curious what these log files contain.

Also concerning the NDR 5.0 error did you try correcting the address space by adding an address space of type SMTP with asterisk value to SMTP connectors?

 

Yes, the address space is there.

My main concern is the unauthorized sending of mail. No one should be sending mail at all. The smtp queue is full. And nothing I seem to do, short of turning off the protocol, stops the flood.

Right now, we're using the firewall that came with 2003.

 

Are you using the default relay restrictions?
What is the sender email address? Is it comming from your domain?

 

Yeah the sender address is a garbel of characters@ourdomain.com.