I have an Exchange server that is sending multiple spam messages

I have an old Exchange 2003 server that starts sending out garbage emails at a rate of 3 a minute. After 10 minutes the SMTP connector stops responding and it cannot be restarted without restarting the entire system. I have run virus scans using Malwarebytes on all systems and can say that everything on the network is clean. We own 5 different public IP addresses but only have need for one. We have been blacklisted because of this activity, so I have changed the MX records to point at a new IP address. This obviously fixes the blacklisting, but we still get the surge of bad messages. I went and deleted thousands of messages in the queue folder. I have made many changes to the SMTP connector for relaying, and where things stand right now is that all users are at least receiving mail, but all outgoing mail sits in the outgoing queues and will only go if I force the connection on a specific address. In the queue I am seeing the bad messages, but I am not forcing them. The one difference with this site is that they are not forwarding to a smarthost; they are using DNS to route address space.
Any ideas??  This server will be replaced next year.

Scott C (Senior Engineer) commented:
Well, first of all, you cannot be certain that the system is clean. Both Windows Server 2003 and Exchange 2003 are no longer receiving security updates from Microsoft, so it's entirely possible the system has been compromised.

Just because Malwarebytes says the server is clean doesn't mean it really is.  

I know budgets are a concern, but getting rid of this system next year is a bad idea. You need to get rid of this system now. Security issues will only become a bigger problem the longer you wait.

I work for an MSP and some of our clients have been dragging their heels on upgrading and now they are paying the price.

captjcret (Author) commented:
The problem is the firm is pretty much disbanding because of attrition.  The main guys are retiring and just want to make it to the end of the year.  Then the company changes owners and the money will be there. I need to figure a way to put a band aid on this one.

Scott C (Senior Engineer) commented:
How many users are we talking about here?  Would a move to Office 365 be an option?

You can still keep the same domain name and continue on for the rest of the year.

The only reason I'm suggesting this is because we don't know your system hasn't been compromised and there might not be a Band-Aid for this.

If it's a small number of users you could get this taken care of in a day.

Example of how easy to set this up here:


Costs would be minimal.

captjcret (Author) commented:
I have set up other accounts with Office 365, so I am familiar with setting up the domain. If there is nothing else I can do about the existing Exchange server, it might be my only recourse.

Scott C (Senior Engineer) commented:
Ok.  Maybe we can narrow this down a bit.  I've been thinking about it.

It's possible that the server is compromised but maybe it's not.  What we can do to narrow it down would be to turn off ALL of the clients and see if the SPAM is still being sent.

If it is, then you know it's the server.  If the Spam stops, then you know it's originating with a client.

Turn them on one by one until the Spam starts again.

If this pans out you can then turn your attention to that client or clients.
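
A log-based version of the same narrowing-down, added here as an example and not part of the thread: it counts accepted `MAIL FROM` submissions per source address, so server-originated mail, LAN clients and outside hosts using the relay show up separately. It assumes SMTP protocol logging is enabled in W3C extended format with the `c-ip`, `cs-method`, `cs-uri-query` and `sc-status` fields; the sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample (not from the thread): W3C extended log lines, made-up addresses.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2018-09-04 02:10:01 192.168.1.10 MAIL +FROM:<postmaster@example.test> 250
2018-09-04 02:10:02 192.168.1.23 MAIL +FROM:<user@example.test> 250
2018-09-04 02:10:03 203.0.113.9 MAIL +FROM:<a1@bulk.test> 250
2018-09-04 02:10:04 203.0.113.9 RCPT +TO:<x@rcpt.test> 250
2018-09-04 02:10:23 203.0.113.9 MAIL +FROM:<a2@bulk.test> 250
2018-09-04 02:10:43 203.0.113.9 MAIL +FROM:<a3@bulk.test> 550
2018-09-04 02:11:03 - MAIL +FROM:<a4@bulk.test> 250
"""

def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def classify(ip, server_ips, lan_net):
    """Label a client address as the server itself, a LAN client, or external."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on "-" or garbage
    if addr.is_loopback or ip in server_ips:
        return "server"
    return "lan-client" if addr in ipaddress.ip_network(lan_net) else "external"

def submissions_by_source(text, server_ips, lan_net):
    """Count accepted (250) MAIL FROM commands per (source class, client IP)."""
    counts = Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "MAIL" or rec.get("sc-status") != "250":
            continue
        try:
            counts[(classify(rec["c-ip"], server_ips, lan_net), rec["c-ip"])] += 1
        except (KeyError, ValueError):
            continue  # missing or unparsable client address
    return counts

if __name__ == "__main__":
    result = submissions_by_source(SAMPLE_LOG, {"192.168.1.10"}, "192.168.1.0/24")
    for (kind, ip), n in result.most_common():
        print(f"{n:5d}  {kind:10s}  {ip}")
```

A large "external" count points at an open relay or an abused login rather than local malware; a large "server" count with all workstations off points at the server itself.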

captjcret (Author) commented:
I should have added that to my description. I had all workstations powered off at the end of the day. At night I cleared the queues and rebooted the server, and I still had junk mail errors in the application event log afterwards. It seems to have cleared up some when I changed a few things with my SMTP connector settings with regards to relaying. I can't find a pattern.

Scott C (Senior Engineer) commented:
Ok.  Then it does look like the issue is with your server.  I'd do the Office 365 migration.  I suspect you'll spend less time and charge your customers less with this route.  

You could spend days trying things that may or may not work. Moving to Office 365 for the next 3 months seems like the quickest, surest way to go.  And if they need the email for longer you just keep running with it.
