So, I checked our Exchange 2003 mail queue this morning and saw that there were 4,019 spam emails sitting in the mail queue. I turned up the logging settings for authentication and SMTP protocol. After reviewing the event logs, I determined that the spammers were authenticating through email@example.com. I disabled this account and there is no more spam entering the queue. When I re-enable the account, a large number of spam emails enter the mail queue every few minutes. I reset the password to this account thinking that that would eliminate the spammers' ability to use it to authenticate, but spam is still piling in.
I disabled the firstname.lastname@example.org account again and haven't seen any spam in the queue for a while now. How can I keep this account active without allowing the spammers to authenticate against it? I would think that changing the password would work, but it doesn't. Any ideas?