Hello Friends,I was wondering if anyone could tell me what I'm doing wrong here... I just set up exchange a couple of weeks ago, and am still confused about the settings which never seem to work logically the way they're supposed to (well, according to my logic at least).Basically, I want to stop these bastardsat hinet.net from sending mail through my server. Here's a picture of the queue. This means that they're using my server to relay, does it not?:PIC 1- QueueHere's some of the addresses that are in the queues:PIC 2- SendersJudging from the domains, it looks like the messages are using Chinese or Korean encoding. Doesthis mean that my relay is open, plus somebody jacked my postmaster account? I've already tried changing the Administrator password. I even deleted the postmaster email address from the Administrator account, and still get the same thing...I've set up a sniffer on the inside of our network, and none of these messages are originating internally.So I tried blocking the IP address range of those domains (168.95.4.1 - 168.95.4.254)using the global deny list, which doesn't seem to work. Are my settings incorrect?: PIC 3- Deny ListI also tried to change the access settings in the smtp virtual server as such, with no luck:PIC 4- AuthenticationPIC 5- ConnectionPIC 6- Relay RestrictionsCan anyone tell me what I'm doing wrong? I can't prevent this darn IP range from using my server!I WOULD try unchecking anonymous access, but whenever I do that nobody can send anything at all to my users from the outside!!!Thanks for your help,Chris

Hi cscrofani,I have the same problem with hinet.net, msa.hinet.net, but I'm on Exchange 2007. My scenario is Router and a DC with installed exchange 2007 on it(w/out Edge Transport). At fisrt I spent about two weeks to prevent the relay and finally it stoped. Today I came to work and saw the store.exe to take more than 1GB memory and understood that there is again relay through my server. Actually, I prevent the relay with the anti-Spam tools in the snap-in installed additionally in the Organization Configuration -> Hub Transport -> IP Block List. It's saying "Use the IP Block List to designate IP addresses that are never allowed to connect to the server. You can configure the IP Block List to refuse connections from individual IP addresses or from ranges of IP addresses."Inside I put the addresses that I want to block, restart the exchange and it is working.Good luck

You should allow no server to relay through your exchange. Pic6 is backwards. Only the list below should be allowed. Whitelist is much better than blacklist in this case.