Exchange Abused - Auth user - which user?
Posted on 2009-07-14
My Exchange server has been abused used to send phising mails, and my ISP has blocked my IP adress. The Exchange server does not accept open relay - but is accepting authenticated users to relay. I Think that some users in our organization is using the same password as username :/ and that the spammers has taken advantage of this.
But how can I see which user that has been abused - Is there a logfile or something where one user might has send a large number of mails?