I need to assist a school in hardening their Exchange 2010 server. From what I have learned, users are getting bogus email about their mailbox and are clicking on the link provided in the message. This is somehow providing a pipe for spammers to use them as a relay through the schools internal mail server. They are being put on many blacklist because of this.
I need to help them harden up the configuration to prevent this and hopefully identify the local machine that is being used as the middle man.
I am not an expert with Exchange and could use some guidance in my effort to help them.