Hacked Exchange 2003 server
Posted on 2011-09-12
I have a SBS 2003 server and I've got a bunch of messages being sent from a user (which are spam, in chinese...), but I know the user is NOT sending the messages. I'm assuming it's a virus on a workstation or something, but I can't figure out where the original messages are coming from. Message tracking is on for exchange 2003, but I need help figuring out where the messages are originating from.
The really weird part, is that I change the user's password. Also, the emails are originating from the smtp address on their account that ISN'T the primary smtp address.