We have an Exchange Server on Server 2012.
Everything has been working great. But I noticed that somehow either the Server or a workstation got infected and was sending out SPAM.
So email goes out (monitored through the Queue Viewer in Toolbox) and gets stuck because most of it cannot be delivered.
When I look at the body of the message, there is no sender, or the sender is blank, like <>@mycompany.com.
So I'm not sure who is infected.
How can I track down where the email is coming from?
Shut off all the systems connected to it (small network of 8 workstations)
Shut off the VPN
Scanned all the systems using Malwarebytes (Servers and Workstations)
I admit the Servers were freshly deployed and didn't have their own AV yet. There is a Hyper-V host and 2 VMs, one the DC, the other the Exchange Server.
Microsoft's Exchange Connectivity online tool says the server is not an open relay when I tested email to one of my accounts.