Our Excnage 2003 Server Running on Windows SBS 2003 is sending a ton of SPAM.

We have an Exchange 2003 server that has been running on our Windows SBS 2003 server for several years without issue. All virus protection is up-to-date and a full scan found no issues. We have Avast Business Protection Plus which has the Exchange filter. A full malware scan also found nothing.

I have disabled the Outgoing Mail and and have created a temporary SMTP connector to funnel all messages to which is not scheduled to send until 12 hours from now. Inspection of the messages found that they are all being sent by one address which is: info@decobk.com. This email address is not associated in any way with out domain.

Is there a way to stop this?

Thanks
Poly11Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PaulD77Commented:
Have you checked for an open relay?

http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

Also, try this site for diagnostic testing

www.mxtoolbox.com

0
Poly11Author Commented:
We don't have an Open Relay - below are the results:

 OK
 Warning - Reverse DNS does not match SMTP Banner
 0 seconds - Good on Connection time
Not an open relay.
 5.382 seconds - Warning on Transaction time
0
PaulD77Commented:
Is your SMTP being Masked...

read this response to your MX results..

http://community.mxtoolbox.com/forums/viewtopic.php?f=5&t=13170

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

PaulD77Commented:
SMTP Masking wouldn't cause spam being sent from your domain...Are you sure none of the clients have a virus or malware?  What are you using for client security?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ArneLoviusCommented:
you could have an internal client that is sending email through exchange.

if all of your clients use MAPI clients, then deny SMTP access from your internal network
0
9660kelCommented:
Have you checked the header information for the source IP address?

That will likely lead you to the affected computer.
0
Poly11Author Commented:
We found the culprit on the network. The user for some reason had admin rights and was able to install whatever he wanted. This has been corrected and the issue is gone.

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.