We have a single site that appears to have an open relay. We receive periodic monitoring alerts "SMTP Server Remote Queue Length Alert on xyzserver. In looking at the outgoing queues there's a few messages in there that certainly look like they don't belong.
We use the ICW wizard to configure services and have standard DSL and dual nic's in the server. Looking for a definitive approach to shutting down the relay.