netstat analysis help please

[soozle]

I've been cleaning up after a hack on our email server (NT4 MSE 5.5) and on running netstat found these lines (among others)
TCP mailhost:smtp pool-138-88-179-147.res.east.verizon.net:4682 TIME_WAIT
TCP mailhost:smtp mail.kookiejar.net:2204 ESTABLISHED
TCP mailhost:1353 mx1.hotpop.com:smtp TIME_WAIT
TCP mailhost:1355 mx2.hotpop.com:smtp TIME_WAIT
TCP mailhost:1361 mx.mail.lycos.com:smtp TIME_WAIT
TCP mailhost:1363 mx2.hotpop.com:smtp TIME_WAIT
TCP mailhost:1365 mx1.hotpop.com:smtp TIME_WAIT
TCP mailhost:1367 mx1.hotpop.com:smtp TIME_WAIT
TCP mailhost:1369 mx1.hotpop.com:smtp TIME_WAIT

bearing in mind I'm new to this what can/should I do.

Soozle

 

[comtec17]

These look like relay servers. Do you have Exchange Relay turned off?

 

[comtec17]

I would also a dns flush from the command line.

ipconfig /flushdns

 

[soozle]

thanks for the reply.
Relaying is allowed for some remote users by allowing hosts & clients that successfully authenticate and through a few IP addresses none used by those listed above.

I must have a different
ipcongif to you as it doesn't understand /flushdns, there is a /release switch,how will it affect internal users ?

Soozle