Yesterday our server was flagged as been abusive from hotmail/live/msn.
We have information indicating suspicious/abusive email sending behavior from IP (18.104.22.168):
Date of abuse: 3/19/2012
Total RCPT To commands sent: 115282.00
Total email Sent: 327.00
Because of the large difference in recept to commands versus email sent, this IP has been flagged for name space mining. Windows Live Hotmail is blocking (or filtering) all email sent from this IP.
I ask them if they're could identified whom was send it the emails but said that information is classified.
So I have to check our server logs (exchange server 2003) and see whom was sending the emails but I've never done that.
We have to exchange server, one manage the external email so to me that obvious where I have to look. The information provide by Microsoft said the problem happen yesterday (march 19) so I have the log file but I don't know what to look for inside.
Can someone please help me find what to look for, so I can disable the origin account or implement what's need it.
PD : Excuse my bad English