So now, what I have going on is a mm virus on the intranet? Virus for sure. Server is Exchange 2003. Clients use Outlook 2003. We are receiving e-mails from spoofed addresses on our intranet i.e. email@example.com and not firstname.lastname@example.org. I can identify the IP address where they are coming from, but am unable to block the IP address or the sender. I use SMSSMTP v126.96.36.199 which is catching most of the e-mails that try to come in, but not all, obviously. I have not been able to identify the virus, but so know that the spammed e-mails are not getting out of our network - yet. Any suggestions?