I have an Exchange 2003 server that appears to be being used as a spam host. It it not an open relay and the Default SMTP Virtual Server properties under Access/Relay have the mail server and the network scanner listed with "Only the list below" checked. The box to allowed authenticated users to relay is unchecked.
I see spam to/from the same user. So bsmith@ is sending spam to bsmith@, but it is coming from outside the network. Here are the headers:
Received: from host145-98-static.206-37-b.business.telecomitalia.it
([220.127.116.11]) by MYMAILSERVER with Microsoft
SMTPSVC(6.0.3790.4675); Wed, 19 Sep 2012 05:42:34 -0700
Date: Wed, 19 Sep 2012 13:42:19 +0100
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4913
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:18.104.22.168) Gecko/20101027 Thunderbird/3.1.6
The to and from and the same and it's not from inside my network. I'm not sure how this is getting through or how is it happening. There is not a lot of it, but I would like to stop it.