OK....here's one for the grownups.
We have a client that's signed up for the mx-logic anti-spam service. Part of their account is outbound filtering and requires the installation of a smarthost. No problem.
The problem is that when I enable the smarthost and disable the normal send connector the server starts sending out buckets of spam.
Malware bytes didn't come up with anything on the server, spybot search and destroy didn't come up with anything. The server isn't a relay but like clockwork, we change the send connector and it starts spamming.