Is Exchange Compromised???
Posted on 2014-02-25
Have Exchange 2010 Server, in production for 18 months, no issues.
Running on Server 2008 R2.
Had a user get a trojan on their system last Friday.
Thought it was contained, scanned all systems from a bootable scan/fix CD.
All systems came back clean.
We are getting a ton of spam that has ACTUAL USERNAME@bogusDomain.
Checked the Exchange Queue, we have barely anything in there, so it does not appear that we are sending spam from the server.
Today, we appeared on SORBS Blacklist.
It has to be coming from a machine on the network, I'm just not sure where or how to find it.
Where should I be looking, or what should I be looking for? Obviously there is a problem.