SMTP Server Compromised?
Posted on 2004-08-04
I am seeing a lot of suspect traffic passing through our SMTP queue. The emails appear to be coming from legitimate accounts, but they are going to email addresses the owners of the accounts being used do not know.
I dont really know how to go about determining what is actually the issue here. Are there any viruses currently in curculation that use the SMTP server set up in Outlook rather than their own? Could it be that a spammer has somehow gained entry to my mail server?
I have scanned for viruses, trojans, and misc other scumware to no avail. I have also isolated all smtp traffic on our network to our mail server.
What to do next?