In the Application Event Viewer on my Exchange 2003 Server, I'm seeing lot of entries like this:
The remote host "18.104.22.168", responded to the SMTP command "rcpt" with "550 No such address ". The full command sent was "RCPT TO:<+.firstname.lastname@example.org> ". This will probably cause the connection to fail.
Anti-virus and anti-spam controls are in place in my environment and I do not have an open relay.
Is there a way I can determine the source of these rogue outbound emails?