I upgraded to the latest version of Sophos PureMessage (v2.6.1 upgrade to v3.0) on an SBS 2003 server.
The upgrade went smoothly as per usual. Hats off to Sophos for providing good quality products and excellent documentation.
This version now includes AD integration and allows for recipient validation. I enabled this, as well as verifying the upgraded settings. I kept an eye on progress for about 90 minutes as I was performing other administrative tasks.
When I came back to it the next morning, the server was being sluggish. Investigation showed that there were several thousand NDRs queued up, and further investigation revealed that the Exchange journal mailbox was bouncing Read Receipts with a Permission Denied error back to PureMessage. Unfortunately, the Read Receipts had no From header, so PureMessage was generating an NDR and trying to send it to an address of '<', which is a completely invalid address. This was then escalating an alert message to the Alert address, which had filled up the resulting mailbox. The mail bounce that was occurring was also generating an unscannable error due to too many nested attachments, which also queued up an alert message.
The remedial action was to remove the administrator alert address. This stopped the queuing. I then turned off administrator alerts for the On Unscannable action for the Exchange Store scanning and the Transport scanning. This helped stop further NDR flooding.
The final action I performed that finally killed the NDR storm was to fire up the Exchange System Manager, go into the SmallBusiness SMTP Connector properties, go into Content Restrictions and turn off System Messages.
I also opened up the Delivery Restrictions placed on the mailbox that I'm using for Exchange Journalling until I can verify what the appropriate restrictions should be on the mailbox such that it works with PureMessage 3.0, seeing as the previous settings worked fine with PureMessage 2.6.1 (which was to only accept messages from the Exchange Journalling mailbox).