Today i received a call from one of my customers complaining that he is not able to send emails. His running an exchange 2003 server. As soon as i got there i checked the queues and saw thousands of spam messages waiting to be sent.
I created a dump exchange smtp connector, and deleted more that 60000 of spam messages. I have blocked port 25 on the firewall for all computers in the network, stopped the SMTP service on the exchange, turned off all the computers in the office, installed GFI mail security and essentials for exchange and did a full virus and malware scan on the server using norton, malwarebytes and superantispyware. Both gfi for exchange and the virus and malware scan found nothing on the server.
As soon as i started the SMTP service i could see again in the queues massive amounts of spam trying to get through the dump smtp exchange connector.
I unplugged the server from the client's office and took it with me in my office lab. Its been 2 hours now that i am sending and receiving emails without any sign of spam leaving my server.
Can anybody give me a clue how can i observe the problem at the client's office?