Hi All I have exactly the same open-relay problem, including the sending servers and addresses, and have been struggling to diagnose for a few weeks. I had a hunch that the hack may involve the SystemMailbox account (which of course is disabled), but this was based on checking security logs and seeing who was logged in at the same time as the spam was dumped into the queue. I have got around it for the moment (I hope) by loading the ORF relay and spam tool but I would really like to know how this hack is being perpetrated as I have a whole stack of other Exchange servers to look after and I really don't want this to get out of control... So if anyone has made any progress I would really appreciated you sharing your experience. Thanks ______________ Geoffrey Williams KAT International T: 02 9904 3137 F: 02 9904 0232 M: 0417 281 905 This email is confidential and intended for the recipient only. If you receive it in error please delete it immediately.