After a call from my ISP last night it appears someone has been sending spam through our exchange server. I have checked the usual places, however found some alarming 'default' settings.
We do not allow relaying from any old IP, (Only 127.0.0.1 and the 192.168.0.XX (IP of domain controller - Exchange also hosted on same machine).
What would be the first setting to check? This needs securing before my ISP will allow me to send mail again!