Question : Exchnage is too slow sending emails, I have a lot of NDR Messages in Event Viewer

A non-delivery report with a status code of 4.7.1 was generated for recipient rfc822;[email protected]om.tw (Message-ID f6@adonis.europtima.com>).  Event ID 3018

A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822;[email protected].two (Message-ID 00@adonis.europtima.com>).  
Causes: This message indicates a DNS problem or an IP address configuration problem   Event ID 3018

Answer : Exchnage is too slow sending emails, I have a lot of NDR Messages in Event Viewer

Do you have messages in the queues of the Exchange server?
Have you disabled anonymous authentication on the SMTP virtual server?

IF the server is under attack then you need to look at dealing with that attack first.
The most common attack is an authenticated user, where the attacker is trying to guess a password - usually the administrator account. You can change the authenticated user settings to stop that from happening.
The second most common attack is a NDR spam - this is where lots of messages are sent to your server with invalid addresses on purpose. The server then rejects them.
Finally it could be a directory harvest attack.

The best solution I will make to you now is to shut off port 25 n your firewall totally. Then go through the server and ensure that it is secure and clean.

My spam cleanup article here: http://www.amset.info/exchange/spam-cleanup.asp will help. It also has links to other articles on my site on how to secure the server.

As already pointed out, changing the IP address of your server will not help, as that can take 48 hours or more to fully propagate - if your ISP allows you to make the change in any decent time.

Simon.