Exchange Server 2003 hacked, SMTP connector added by someone other than administrator or domain user
Hello, we received a call from our ISP stating that our IP address was producing spam and that they were terminating our service. We have a small network with 20 clients and a Small Business Server 2003 running. We have a SonicWall and Symantec SEP version 11 running on our network, but there was no indication from either that something bad was going on. Looking at our Exchange System Manager, I found an SMTP connector that was added by someone other than the administrators in our facility. It had some 8000 messages queued to go out when I froze the connector state. How can I lock down this server? What do I need to do to find out where the security breach is? How do I get rid of the connector and any other hidden treasures that may be on our Exchange Server?
May 27th, 2011 3:52am

Track how anyone would have got into your Exchange server and created an SMTP connector (I doubt it). There may be messages originating from somewhere. Check the origination IP; it may be from your internal network. Check that and work accordingly. As you are spamming, you may have an open relay, or someone's account may be compromised.
May 27th, 2011 9:15am
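The reply above says to find the originating IP and consider a compromised account. On Exchange 2003 the place to look is the SMTP virtual server protocol log (IIS W3C extended format, typically under %SystemRoot%\System32\LogFiles\SMTPSVC1 once logging is enabled on the virtual server). The script below is an added example, not code from the thread: it reads the #Fields: header rather than assuming column positions, counts accepted RCPT commands per client IP and per authenticated user, and flags clients that were accepted for recipients outside your own domains. The sample log lines, the column layout, the domain example.com and the account EXAMPLE\jsmith are constructed for illustration.

```python
"""Rank SMTP submitters in an Exchange 2003 SMTP virtual-server protocol log.

Added example. The sample records below are CONSTRUCTED; a real log carries a
'#Fields:' header naming its columns, and parse_w3c() uses that header rather
than fixed positions. In these constructed lines c-ip is the client address,
cs-username the account that passed AUTH (or '-' when unauthenticated),
cs-method the SMTP verb and cs-uri-query its argument.
"""
from collections import Counter

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-05-27 03:00:00
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2011-05-27 03:00:01 192.168.1.57 - SMTPSVC1 SBS01 192.168.1.5 25 EHLO - +wkstn17 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:01 192.168.1.57 EXAMPLE\\jsmith SMTPSVC1 SBS01 192.168.1.5 25 AUTH - +LOGIN 235 0 0 0 0 SMTP - - - -
2011-05-27 03:00:01 192.168.1.57 EXAMPLE\\jsmith SMTPSVC1 SBS01 192.168.1.5 25 MAIL - +FROM:<promo@lottery.example> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:01 192.168.1.57 EXAMPLE\\jsmith SMTPSVC1 SBS01 192.168.1.5 25 RCPT - +TO:<a@victim.example> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:01 192.168.1.57 EXAMPLE\\jsmith SMTPSVC1 SBS01 192.168.1.5 25 RCPT - +TO:<b@victim.example> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:02 192.168.1.57 EXAMPLE\\jsmith SMTPSVC1 SBS01 192.168.1.5 25 RCPT - +TO:<c@victim.example> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:05 203.0.113.9 - SMTPSVC1 SBS01 192.168.1.5 25 MAIL - +FROM:<bob@partner.example> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:05 203.0.113.9 - SMTPSVC1 SBS01 192.168.1.5 25 RCPT - +TO:<ceo@example.com> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:09 198.51.100.23 - SMTPSVC1 SBS01 192.168.1.5 25 MAIL - +FROM:<x@spam.example> 250 0 0 0 0 SMTP - - - -
2011-05-27 03:00:09 198.51.100.23 - SMTPSVC1 SBS01 192.168.1.5 25 RCPT - +TO:<y@elsewhere.example> 550 0 0 0 0 SMTP - - - -
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields: header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("log record appears before the #Fields: header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record: skip rather than misalign
        yield dict(zip(fields, values))


def accepted_recipients(records, local_domains):
    """Count server-accepted (2xx) RCPT commands by client IP and by AUTH user,
    and separately count recipients whose domain is not one of ours."""
    by_client, by_user, external_by_client = Counter(), Counter(), Counter()
    for r in records:
        if r["cs-method"] != "RCPT" or not r["sc-status"].startswith("2"):
            continue
        client, user = r["c-ip"], r["cs-username"]
        by_client[client] += 1
        if user != "-":
            by_user[user] += 1
        arg = r["cs-uri-query"].lstrip("+")
        if arg.upper().startswith("TO:"):
            arg = arg[3:]
        domain = arg.strip("<>").lower().rsplit("@", 1)[-1]
        if domain not in local_domains:
            external_by_client[client] += 1
    return by_client, by_user, external_by_client


def suspicious_clients(external_by_client, threshold):
    """Clients accepted for at least `threshold` external recipients, busiest first."""
    return [ip for ip, n in external_by_client.most_common() if n >= threshold]


if __name__ == "__main__":
    recs = list(parse_w3c(SAMPLE_LOG))
    by_client, by_user, external = accepted_recipients(recs, {"example.com"})
    print("accepted RCPT per client:", dict(by_client))
    print("accepted RCPT per AUTH user:", dict(by_user))
    print("suspects:", suspicious_clients(external, threshold=2))
```

Run it against the real log directory by concatenating the daily files into the text passed to parse_w3c(). An internal client with many accepted external recipients points at a compromised workstation or account (the AUTH user in cs-username names the account to disable and reset); an external client in that list points at relaying. Exchange 2003 has no PowerShell cmdlets, so the log is the most direct evidence available.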

One more important thing is to run ExBPA on the server. Post the result of ExBPA: http://exbpa.com/ Gulab
May 27th, 2011 9:27am

I suspect your Exchange Server 2003 may or may not be an open relay; check the connector settings. Check whether your domain is whitelisted or not at http://www.mxtoolbox.com/, and also check your SPF settings and PTR records. Satish Mekala
May 27th, 2011 11:43am
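To settle the open-relay question raised above, test it directly rather than guessing from connector settings: from a host outside your network, claim an external sender and ask for an external recipient, and see whether RCPT TO is accepted without authentication. The code below is an added example, not from the thread; the hostnames and addresses in it are placeholders, and it should only be pointed at servers you are responsible for.

```python
"""Open-relay probe for an SMTP server (added example, not from the thread).

An SMTP server is an open relay if, with no authentication on the session, it
answers 2xx to RCPT TO for a recipient in a domain it is not responsible for,
after accepting a sender from another foreign domain. The verdict logic is kept
separate from the network code so it can be checked offline. The hostnames and
mailboxes below are placeholders.
"""
import smtplib


def relay_verdict(mail_reply, rcpt_reply):
    """Classify a (code, message) reply pair from MAIL FROM and RCPT TO."""
    mail_code, rcpt_code = mail_reply[0], rcpt_reply[0]
    if mail_code // 100 != 2:
        return "mail-from rejected (no conclusion about relay)"
    if rcpt_code // 100 == 2:
        return "OPEN RELAY: external recipient accepted for external sender"
    if rcpt_code // 100 == 5:
        return "relay denied"
    if rcpt_code // 100 == 4:
        return "temporary failure or greylisting; retest later"
    return "unexpected RCPT reply %d" % rcpt_code


def probe_relay(host, port=25, helo="probe.example.net",
                sender="relaytest@example.net",
                recipient="relaytest@example.org", timeout=15):
    """Run the MAIL/RCPT exchange against a live host and return
    (mail_reply, rcpt_reply, verdict). RSET is sent so nothing is queued."""
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        mail_reply = s.docmd("MAIL", "FROM:<%s>" % sender)
        rcpt_reply = s.docmd("RCPT", "TO:<%s>" % recipient)
        try:
            s.rset()
        except smtplib.SMTPException:
            pass
    return mail_reply, rcpt_reply, relay_verdict(mail_reply, rcpt_reply)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    try:
        mail_reply, rcpt_reply, verdict = probe_relay(target)
        print("MAIL:", mail_reply, "RCPT:", rcpt_reply)
        print(verdict)
    except (OSError, smtplib.SMTPException) as exc:
        print("probe failed:", exc)
```

Two caveats when reading the result. Run the probe from outside the LAN: Exchange 2003 commonly relays for its own subnet, so a test from an internal client says nothing about relaying for the Internet. And a "relay denied" verdict does not rule out the situation in the original post, where a rogue connector or a compromised account that authenticates before MAIL FROM gets mail out through a correctly closed relay; the SMTP protocol log is still needed for that.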

Hi rmkeane, any update on your issue? The replies above gave some good suggestions. I would also use Netmon to monitor the sessions of the Exchange 2010 server, to confirm the source of the issue. For the connector, you could remove it; for the queued messages, you could remove them. Regards! Gavin
June 1st, 2011 11:31am
