I feel embarrassed to have to admit I know little about Exchange and the issue I am having here.
On an SBS 2011 standard box, years ago they set up a smart host send connector to go through a company that checks for spam filtering.
Worked fine for years. Now the filtering company is saying there's loads of spam going out from our network through them (coming from different people in the company). They said they disabled the email@example.com address till we can clean things up. They said they felt a machine got infected. Wouldn't that machine send out typically under the user that's logged into that machine? not several different people?
Looking at the message queues in exchange management console, I see a smarthostconnectordelivery entry. there's (only) 27 emails there waiting to go out. I can view the to / from for each. But the sender isn't available to be able to ask if they sent the emails intentionally.
a) is there a way when logged in as the admin to see the text of the emails to know if they are legit emails?
b) if a machine was sending out spam, wouldn't there be more than 27 emails waiting to go after 4 hours since they disabled that email address?
c) I am envisioning seeing the LAN IP that the emails were sent from to the exchange server, then I can see if these are all coming from 1 machine / check that machine for malware.
For mail that already went out, is there a way to see the contents of those emails? The spam filtering people sent me a list of headers of emails they say are spam... from different people in the company to people outside. Can't see the subject in what they sent. I would just like to be able to see that these really are spam (the spam filtering company can be overzealous sometimes I think).