exchange 2003 random internal e-mail addresses in outgoing queue
Posted on 2013-06-24
My client is running Exchange 2003 SBS (i just took them on). Their outgoing exchange queues are hacked with RANDOM internal e-mail addresses (firstname.lastname@example.org).
I've enabled sender/recipient filtering, ensured it's not an open relay, scanned the server for viruses (did find a backdoor trojan on it, i believe it's removed). I also changed everyone's passwords... Turned off windows authentication.
The queues are still filling up. Is it possible someone's machine in the office is compromised?
Anything else I should look at?