I have an Exchange 2003 server that sent me an email this morning:
SMTP Server Remote Queue Length Alert
Looking in the queues using Exchange System Manager there were just over 16,000 spam emails waiting to be sent out. We send via an external filtering service which was disconnecting our server, presumably due to the level of outgoing spam.
How can I find out where this mail is coming from? Does Exchange 2003 log IP addresses etc. somewhere?
You're probably an open relay. First things first: lock down your setup. Here are some directions:
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
Tracking down the source of outgoing spam in Exchange Server 2003 can be difficult. One thing you can try (assuming that you've got message tracking enabled) is to open one of the remote queues and look at the recipient address, then track that address in the Message Tracking tool in ESM. That may allow you to find the originator of the spam. I would also recommend using the aqadmcli utility to clear out your queues.
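An added example, not part of either answer above: once message tracking is enabled, the same lookup can be done in bulk by tallying which submitting IP and sender address account for the tracked messages, optionally narrowed to a recipient address taken from a queue. It assumes the tracking log is a tab-separated text file with a `#`-prefixed header row; the column names (`client-ip`, `Recipient-Address`, `MSGID`, `Sender-Address`) and the sample rows are assumptions constructed for illustration, so match them to the header of your own log.

```python
import io
from collections import Counter

# Constructed sample, not real log data. Column names are assumptions; the
# parser takes them from the "#"-prefixed header row of the file it is given.
SAMPLE = (
    "# Message Tracking Log File\n"
    "# Date\tTime\tclient-ip\tRecipient-Address\tEvent-ID\tMSGID\tSender-Address\n"
    "2010-1-5\t6:01:02 GMT\t203.0.113.7\ta@example.net\t1019\tm1\tx1@example.org\n"
    "2010-1-5\t6:01:03 GMT\t203.0.113.7\ta@example.net\t1020\tm1\tx1@example.org\n"
    "2010-1-5\t6:01:04 GMT\t203.0.113.7\tb@example.net\t1019\tm2\tx2@example.org\n"
    "2010-1-5\t6:01:05 GMT\t203.0.113.7\ta@example.net\t1019\tm3\tx3@example.org\n"
    "2010-1-5\t6:02:00 GMT\t192.168.1.20\tc@example.net\t1019\tm4\tuser@corp.example\n"
    "2010-1-5\t6:02:01 GMT\ttruncated\n"
)

def parse_tracking(text):
    """Yield one dict per record, keyed by the header row's column names."""
    fields = None
    for line in io.StringIO(text):
        line = line.rstrip("\r\n")
        if line.startswith("#"):
            cols = line.lstrip("# ").split("\t")
            if len(cols) > 1:          # the header row, not a banner comment
                fields = cols
            continue
        values = line.split("\t")
        if fields and len(values) == len(fields):   # skip truncated rows
            yield dict(zip(fields, values))

def top_sources(text, recipient=None, n=5):
    """Count distinct messages per submitting IP and per sender address."""
    seen, by_ip, by_sender = set(), Counter(), Counter()
    for rec in parse_tracking(text):
        if recipient and rec.get("Recipient-Address", "").lower() != recipient.lower():
            continue
        msgid = rec.get("MSGID")
        if msgid in seen:              # one message logs several events
            continue
        seen.add(msgid)
        by_ip[rec.get("client-ip", "-")] += 1
        by_sender[rec.get("Sender-Address", "-")] += 1
    return by_ip.most_common(n), by_sender.most_common(n)

if __name__ == "__main__":
    ips, senders = top_sources(SAMPLE, recipient="a@example.net")
    print(ips, senders)
```

A single external IP submitting mail under many unrelated sender addresses points to relaying through the server, while an internal IP at the top of the list points to a host on your own network.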