SMTP Server Compromised?

I am seeing a lot of suspect traffic passing through our SMTP queue.  The emails appear to be coming from legitimate accounts, but they are going to email addresses the owners of the accounts being used do not know.

I dont really know how to go about determining what is actually the issue here.  Are there any viruses currently in curculation that use the SMTP server set up in Outlook rather than their own?  Could it be that a spammer has somehow gained entry to my mail server?

I have scanned for viruses, trojans, and misc other scumware to no avail.  I have also isolated all smtp traffic on our network to our mail server.

What to do next?
Who is Participating?
Yan_westConnect With a Mentor Commented:
Is your Antivirus Auto-Sending reply to addresses that would be sending viruses on your network?  Used to do that on my network, I had to disable the fonction that sent a warning to all incomming message containing a virus, even if the person never would receive the infected file.
LucFConnect With a Mentor EMEA Server EngineerCommented:
Hi forrest321,

Also, check if you're not an open relay... this will make it very easy for spammers to use your server as relay.


forrest321Author Commented:
We do not allow relay.

I am testing the virus response messages.  I think they are sent from the postmaster account rather than the individuals, but I am not sure yet.
forrest321Author Commented:
Well, I feel silly.  

All of the users that I have been spotting in these emails in the queue are currently out of the office...  Their vacation message is responding to spam, which explains why no-one knows any of the email addresses.

Thanks for the help.
LucFEMEA Server EngineerCommented:
Forrest through the trees thingy... Glad you got it sorted :)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.