My client is running Exchange 2003 SBS (i just took them on). Their outgoing exchange queues are hacked with RANDOM internal e-mail addresses (firstname.lastname@example.org).
I've enabled sender/recipient filtering, ensured it's not an open relay, scanned the server for viruses (did find a backdoor trojan on it, i believe it's removed). I also changed everyone's passwords... Turned off windows authentication.
The queues are still filling up. Is it possible someone's machine in the office is compromised?
Anything else I should look at?