Abnormal traffic on port 25
Posted on 2011-02-24
We are running the following:
Microsoft Small Business Server Premium 2003
SonicWall TZ170 Router
Workstations are all Windows XP SP3
Over the past few weeks we've noticed our internet connection has been pokey from time-to-time. I checked out the hardware, but everything appears to be good. Spoke with my ISP and tested stuff with them and no issues there.
So, I enabled traffic logging on the router and noticed a lot of bandwidth going out over port 25. In a few days, 2GB and we don't e-mail that much. We have 4 active workstations that maybe send 3 to 10 e-mails a day, but nothing to add up to 2GB. So I reset the log and in a matter of minutes over 30MB was transferred over port 25. The log shows it originating from the server's IP address.
I checked the message tracking centre in Exchange and I only see e-mails we've sent; no e-mails are showing up in there that are not recognized. There is nothing in our queues either. So perhaps it may not be the server itself? I am running Microsoft's Malicious Software Removal Tool on our server right now.
We use DHCP and all our workstations point to the server's IP for DNS, DHCP and WINS. The default gateway is the router's IP.
I've previously run scans on the workstations and so far they've come up clean. I'm running them again now.
I could really use some assistance here to track down what is happening. I certainly don't want our system firing out spam or otherwise. I'm not an expert; I know my way around, but don't worry about insulting me by explaining in detail any steps I should take to help find the source of the problem.
Thank you all.
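
Added example (not part of the original post): the router log attributes the port 25 traffic to the server's IP but cannot say which program on the server is sending it. This sketch parses saved `netstat -ano` output from the server and groups connections to remote port 25 by owning process ID. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    192.168.16.2:1187      203.0.113.25:25        ESTABLISHED     1480
  TCP    192.168.16.2:2301      198.51.100.7:25        ESTABLISHED     3912
  TCP    192.168.16.2:2302      198.51.100.9:25        SYN_SENT        3912
  TCP    192.168.16.2:2303      203.0.113.80:25        ESTABLISHED     3912
  TCP    192.168.16.2:3389      192.168.16.50:1044     ESTABLISHED     920
  TCP    192.168.16.2:25        192.168.16.51:1102     ESTABLISHED     1480
  UDP    0.0.0.0:53             *:*                                    1620
"""

# Proto, local ip:port, remote ip:port, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def outbound_smtp_by_pid(netstat_text, smtp_port=25):
    """Return {pid: sorted remote IPs} for TCP rows whose REMOTE port is
    smtp_port. Listeners and inbound sessions (local port 25) are skipped,
    because only a remote port of 25 indicates mail leaving this host."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        _lip, _lport, remote_ip, remote_port, state, pid = m.groups()
        if state == "LISTENING" or int(remote_port) != smtp_port:
            continue
        by_pid[int(pid)].add(remote_ip)
    return {pid: sorted(ips) for pid, ips in by_pid.items()}

def unexpected_senders(by_pid, expected_pids):
    """PIDs holding outbound SMTP connections that are not the mail service."""
    return sorted(pid for pid in by_pid if pid not in expected_pids)

if __name__ == "__main__":
    found = outbound_smtp_by_pid(SAMPLE_NETSTAT)
    for pid, remotes in sorted(found.items()):
        print(f"PID {pid}: {len(remotes)} remote host(s): {', '.join(remotes)}")
    # 1480 stands in for the mail service's PID (assumption in this sample).
    print("Unexpected PIDs:", unexpected_senders(found, expected_pids={1480}))
```

On the server, `netstat -ano > netstat.txt` produces the input and `tasklist /svc` maps each PID to its executable and services.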