I have been fighting a problem with my mail server for a couple of weeks now and need some assistance.
My MSX 2K3 server passes a 16 point open relay test, however, about once a week, I have to go to the ESM and inspect the SMTP connections. I will see an IP that is making several concurrent connections and I get alerted from MX Toolbox that I am now a spammer.
I will go into the properties of the smtp virtual server and block that IP for incoming connections and the problems will subside until another spammer starts the process all over again.
I have trend micro WFBS 8.0 and the server passes weekly malware scans, however I am aware that if there is already an infection, the system may be ignoring the condition, thinking that "all's well".
So, other than my system having a possible infection, what else can I do? I have followed all lockdown procedures outlined in several documents from MS and EE and it appears as if the open relay issue is not an issue... I am now getting reported as a spamming server and this is causing a breakage in the business.
What am I missing?