My client's network consists of 30 LAN users and 2 servers.
DC/Mail Server is running SBS2003 with Exchange 2003 SP2. Second server runs Server 2003 Standard R2.
The current firewall set-up only allows mail from Message Labs IP addresses inbound. The DC smart hosts outbound via a Message Labs FQDN. The firewall also blocks 25 outbound by default, and only the DC/Mail Server can send via SMTP port 25. This all works well. Clients cannot telnet outbound on 25 within the LAN.
The problem is that my client is still receiving spam mail! Message Labs have a whitelist for valid e-mail addresses that are allowed to send from our network. This whitelist gets updated automatically when a user sends mail successfully outbound. It's handy when you create a new user within the LAN because all you have to do is send one test e-mail outbound and the Message Labs whitelist is updated automatically. This is a feature they cannot turn off. What is now happening is that the whitelist is constantly populated with fake e-mail addresses. This tells me that someone within the LAN is sending spam messages outbound.
I have scanned the network with "sniffing" software but there is not much going on. I have manually gone around to all client PCs and searched for anything out of the ordinary but to no avail. I also scanned our servers but cannot find anything. At this point I am stressed out a bit!
Is there a really good way of locking down our DC/Mail server so that only Active Directory users can send/receive mail? Any help with this would be much appreciated.
Thanks in advance.