Educause Security Discussion mailing list archives

Blacklisted as a Mail Relay - help!


From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Tue, 17 Feb 2004 15:05:25 -0500

From our mail admin...

We're running Exchange 2000 server (SP3) running on Windows 2000 Server
(SP4).  In the Properties of the "Default SMTP Virtual Server" we
changed the "Relay Restrictions" by checking the box that says "Allow
all computers which successfully authenticate to relay, regardless of
the list above."  

This allowed those students using POP3 to send messages to off-campus
addresses using our Exchange server as their relay host.  We have been
running this way for several years without a problem.  That is until
about 2 weeks ago... All of a sudden we were being used as a relay host
for a spammer.  We've turned off all relay ability for the time being.  
--

We'd like to re-enable the 'authenticated' mail relaying but not if it
continues to cause a problem.  The best scenario would be to find who
was using us and stop them.  The first thing I did was check for viruses
on the mail server. I didn't find any and there are no 'weird' processes
running that I can see.

I'd like to find out if this is an internal or external problem.  Is
there any auditing I can set up on the Win2K box or in Exchange itself?
Is there any specific type of traffic I can be watching for? 

This is over my head.  Can anyone point me in a direction?  


Jake Barros
Network Security Administrator
Grace College
574-372-5100 x 6178
