I have an Exchange 5.5 sp 3 Server running on NT4 at work that seems to have been hijacked.
When checking a complaint by a user about their mail not getting to the destination in a timely manner, I discovered a IMS (Internet Mail Service) Out Bound Queue full of SPAM (ie the standard "viagra", "get out of debt", "porn chick" stuff, addressed to aol, hotmail etc).
After eliminating all other sources, ie scanning all PC's for viruses, disconnecting parts of the network, etc, I have discovered that the server seems to be creating the spam itself. This is based on the fact that the server is now totally disconnected from the network (ethernet cable unplugged), the queue has been deleted, and as soon as I restart the IMS, within a minute there are a 1000 email messages in the queue.
Its not being Relayed, since now not connected to network and internet connection has been closed. Anti Relay setup has worked in the past, and has not been changed.
I have run a virus scan on the machine, but found nothing.
When I stop the IMS, the messages stop being generated, as soon as I start it again, the messages start being generated.
Any idea's PLEASE !