Our Excnage 2003 Server Running on Windows SBS 2003 is sending a ton of SPAM.

We have an Exchange 2003 server that has been running on our Windows SBS 2003 server for several years without issue. All virus protection is up-to-date and a full scan found no issues. We have Avast Business Protection Plus which has the Exchange filter. A full malware scan also found nothing.

I have disabled the Outgoing Mail and and have created a temporary SMTP connector to funnel all messages to which is not scheduled to send until 12 hours from now. Inspection of the messages found that they are all being sent by one address which is: info@decobk.com. This email address is not associated in any way with out domain.

Is there a way to stop this?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you checked for an open relay?


Also, try this site for diagnostic testing


Poly11Author Commented:
We don't have an Open Relay - below are the results:

 Warning - Reverse DNS does not match SMTP Banner
 0 seconds - Good on Connection time
Not an open relay.
 5.382 seconds - Warning on Transaction time
Is your SMTP being Masked...

read this response to your MX results..


Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

SMTP Masking wouldn't cause spam being sent from your domain...Are you sure none of the clients have a virus or malware?  What are you using for client security?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
you could have an internal client that is sending email through exchange.

if all of your clients use MAPI clients, then deny SMTP access from your internal network
Have you checked the header information for the source IP address?

That will likely lead you to the affected computer.
Poly11Author Commented:
We found the culprit on the network. The user for some reason had admin rights and was able to install whatever he wanted. This has been corrected and the issue is gone.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.