I have NetFlow Analyzer monitoring network traffic and have noticed hundreds of outgoing SMTP connections from our Exchange server to IPs all over the world. This is happening after hours when no one is at the office and remote users are probably not sending mail (not at 2 or 3 in the morning.) When I look at the messages sent in the message tracking center everything looks on the up and up. I also have an Untangle box monitoring all SMTP traffic but it doesn't seem to watch the outgoing SMTP just POP. When I look in the outgooing queue in System Manager everything looks OK. I have followed all of the instructions from Amset's site about securing Exchange. I also have snort running and see hundreds of SMTP relaying denied entries coming from the Exchange box.