spammer was authenticating with a hacked username against the Small Business Server computer as part of an operation to relay SMTP e-mail, causing an eventid 1708.
Changed account password already, no more emails from "email@example.com" coming out of our exchange.
but now on the "smallbusiness smtp connector queue there are thousands of messages from the firstname.lastname@example.org and it is not stopping, or at least is has been queuing for hours and submitting emails to the email that the spam was sending at.
Another detail is that we have a Mcafee offsite proxy where all our outbound emails go thru. They close the door of our affected ip address until we can tell them that we fix our problem.
I would like to stop the messages from the postmaster and clean the queues.