Exchange server sending out SPAM

A client called and stated that his server is sending out SPAM and he has been blacklisted by a few of his clients for doing so. Here is what was sent back to him from a client:

Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Fri, 20 Sep 2013 14:10:23 -0400 (EDT) Source-IP: Reported-Domain: Redacted-Address: redacted Redacted-Address: redacted@ EARN ADDITIONAL MONEY WITHOUT QUTTING YOUR DAILY JOB!!!.eml Subject: EARN ADDITIONAL MONEY WITHOUT QUTTING YOUR DAILY JOB!!! From: "FINANCIAL SERVICE INC" Date: 9/18/2013 8:00 PM Hi, How would you like to earn additional income while you still go about your daily routine? Here is an offer for you, earn up to $10,000 or more monthly without quitting your daily job or career. Mail me if interested. Reply to address to FINANCIAL SERVICE INC.

What is the best method to resolve this? I am not on-site. And what is the best method to prevent this from ever happening again?

Thanks in advance for all responses... Rich
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Frank McCourryV.P. Holland Computers, Inc.Commented:
Find the viruse(s) on his network and eradicate it.  Also check to see if the server is an open relay.  the tools at should be very helpful.
You have to identify the cause of the issue. You may ask do message tracking the source of the sender.

What I did experienced before is spammer use mail server to relay email out. The email was appeared came from my exchange server. What I did after that was blocked at mail gateway from sending out spam mail to internet.

Once, the cause had been identified, i removed my domain from DNSBL.

You may ask your client to temporary removed the domain from DNSBL while do investigation.
Alan HardistyCo-OwnerCommented:
Please have a read of my article and check the sender of the messages.  If it is a random external domain name, you are an authenticated relay and my article will tell you how to sort the problem:'t-send.html

My blog also has a quick fix for stopping the problem happening ever again:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.