Exchange 2003 SBS - Mail being sent from system by unknown account?
Posted on 2011-03-22
I believe one of our accounts may have been compromised.
I have a user callled "User" that appears to be relaying mail from an IP that is not in our block.
If I look under Exchange System Mgr. > Servers >Protocols>SMTP> Default>Current Sessions
I see an account called User and a from IP of 22.214.171.124 which I have no idea who that is.
How can I tell which account on my side has been compromised?