Here's the environ:
Small LAN, one Server 2003 Enterprise running Exchange 2003 Enterprise. It supports fewer than 5 users, 4 of whom connect directly to Exchange and one remote user who gets mail via POP3.
The other day I got an e-mail from Time Warner telling me that Spamcop got a complaint about some spam that originated from my IP. Of course I began the search.
I "think" what happened was that something I downloaded from a newsgroup was infected and started some trouble. I have scanned my primary server and my backup member server and both are clean. The data from the newsgroup is stored in an encrypted folder and is now closed, so I'm thinking that "maybe" the virus can only run when the encrypted folder is open. I only received one e-mail from Time Warner and it only documented one problem e-mail. Both servers look clean so far as I can tell, but I have several questions.
1. Under my mail server in System Manager, I have a queue. What is that queue for and what is its purpose? Of course I understand that it handles outbound e-mail, but I am under the impression that no one can use it unless the user is authenticated. I saw 35 queues in there and with only 5 users I didn't expect to see anything in the queue.
2. Under my SMTP virtual server, I see Current Sessions. Why do I see connected sessions in there from places I don't expect to see connected sessions from? Again, I am thinking that my Exchange server is set up so that only authenticated users can connect, yet I'm seeing some sessions I do not expect to see.
3. Can I lock down my Exchange server so that ONLY authenticated users can connect and everyone else is blocked? I thought I had it set up that way already but it seems not.
Anyway, I'm looking for some direction, pointers, etc. on this issue.