<div>
You could temporarily turn on Archiving (in the Mailbox Store properties). &nbsp;Create a dummy account (called Archive or such like) and set archiving of all emails to go to this account. &nbsp;Then log on to the account (or use OWA) and check the copy of Sent emails. &nbsp;When you have determined where the spam is coming from turn off archiving and delete the account.
</div>


You could temporarily turn on Archiving (in the Mailbox Store properties).  Create a dummy account (called Archive or such like) and set archiving of all emails to go to this account.  Then log on to the account (or use OWA) and check the copy of Sent emails.  When you have determined where the spam is coming from turn off archiving and delete the account.

<div>
Thanks guys... I will work on this over the weekend to see if i can isolate the issue. Will let you know if your suggestions work...
</div>


Thanks guys... I will work on this over the weekend to see if i can isolate the issue. Will let you know if your suggestions work...

<div>
<div class="content wysiwyg-content">
I have a couple of clients using SBS 2003 with Exchange and when I look at the Queue's in the Exchange admin I am seeing SMTP connectors to foriegn domains (i.e. .it, .fr, .ru, etc..) and I know it is SPAM. <br />
<br />
I found articles on how to freeze the connections and remove them but what I need to figure out is how to identify which machine(s) they are originating from. I have run AV and Root Kits scans on the PC's but have found nothing so I am hoping that Exchange will let me know where the email are coming from.<br />
<br />
Thansk in advance for any help and suggestions!<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2009/05_w19/136172/screen-shot.jpg" target="_blank" class="file-inline" title="Screen shot of Exchange connectors (173 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>screen-shot.jpg</a>
</div>
</div>


screen-shot.jpg

I have a couple of clients using SBS 2003 with Exchange and when I look at the Queue's in the Exchange admin I am seeing SMTP connectors to foriegn domains (i.e. .it, .fr, .ru, etc..) and I know it is SPAM. 

I found articles on how to freeze the connections and remove them but what I need to figure out is how to identify which machine(s) they are originating from. I have run AV and Root Kits scans on the PC's but have found nothing so I am hoping that Exchange will let me know where the email are coming from.

Thansk in advance for any help and suggestions!


How do I identify where local outgoing SPAM may be coming from  in the SBS 2003 Exchange administrator interface?

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).