A vulnerability in Exchange Server 5.5 allows unauthorized mail relaying, even when you've disabled or restricted the relaying feature. This vulnerability occurs when Exchange uses encapsulated SMTP addresses when it's using the IMS as a site connector. Exchange doesn't check mail against the antirelaying features when the mail enters the IMS in encapsulated format—even if you don't use the IMS' site connector feature.
You can obtain a Microsoft post-SP2 hotfix to correct this vulnerability from ftp://ftp.microsoft.com/bussys/ exchange/exchange-public/fixes/Eng/ Exchg5.5/PostSP2/imc-fix. However if you're using the IMS as a site connector in your Exchange organization, this fix might stop your site connectors. If your site connectors stop, add the IP addresses of your other site servers to the IMS's Routing Restrictions section to let them bypass the restriction. You can find more information about this problem in Microsoft Security Bulletin MS99-027 at http://www.microsoft.com/security/bulletins/ms99-027faq.asp and in the article: "XIMS:Messages Sent to Encapsulated SMTP Address Are Rerouted Even Though Rerouting Is Disabled" (http://support.microsoft.com/ support/kb/articles/q237/9/27.asp).