Have a standalone SBS 2003 server running Exchange, and sending spam.
There are 4 clients.
Every few hours a burst of spam hits the SMTP connector.
I have confirmed via telnet that the server in question is not an open relay.
I have attempted to determine whether an authenticated user is relaying by setting SMTP logging to maximum, but can't see any new server logins or authentications over 24 hours.
I have set a fake SMTP queue to gather the outgoing spam, but cannot determine from whence it came.
AV scans (Bitdefender) on the server only found a few deleted trojans in the recycle bin of a secondary data drive of the server. Bitdefender is set to delete infected mail attachments.
These have now been deleted again, however the SMTP queue has new items.
So, no logged user authentication, no open relay. From whence does it come?