We've been seeing a lot of spam lately; my exchange server is blowing up with gigantic log files that are listing emails being sent from the client ip (126.96.36.199) to seemingly random (external) email addresses. Im thinking that a machine on the network has been compromise and has a smtp server running on it with an ip 188.8.131.52. the range on my network is 10.2.0.0 - 10.2.3.x. Is there a way to find the machine that is running this rouge smtp server? my network is getting black listed like crazy and I dont know what to do. please help!