I have a client who continues to get blacklisted. Their ISP is getting complaints that spam is originating from their IP. I have scanned all computers on the network and the server with nultiple AV and spyware scanners to no avail. I have followed all suggestions in the excellent article at http://www.amset.info/exchange/spam-cleanup.asp
by Sembee. There is nothing in the queues when I delay delivery. The only thing I am seeing is firewall logs that tell me there is outgoing traffic TCP from the internal IP of my server on random ports to WAN IPs on port 80. Is it possible this spam is coming from my server to port 80? If so how do I find what is doing it and how do I stop it?