Free Republic

Help needed (Freeper Mail Administrators)
Self | 10/22/2001 | NYS_Eric

Posted on 10/22/2001 5:49:45 AM PDT by NYS_Eric

Sorry to post this, but I need help!

At my family business, we have a mail server (runs SL Mail-- not Exchange or Domino, if that matters). Just came in this morning to grab e-mail from the root account, and I received 3,500 messages. They were mostly "Mailer-Daemon" messages, that said: "Fatal error sending message: Your message to anyname@yahoo.com cannot be delivered. The account is over quota." Just about every one of the 3,500 messages that I bothered to examine had a "To" address of yahoo.com (different name before the domain in each case, however).

We don't have any IT staff (except me-- don't laugh). Although we have an always-on fractional T1, we do have a firewall appliance (one of the Netscreen models). Since the firewall has to allow SMTP services, I guess this is not much of a protection. All 3,500 messages had HTML body with "Casino Online Gambling" content.

So here's the question: I know that we were probably being used as a forwarding server for one of those spammers out there, but what can I do to protect our mail server better? I feel pretty d*mn violated, but I'd like to get educated enough to fight back next time. Thanks, Freepers!


TOPICS: Miscellaneous; Your Opinion/Questions

1 posted on 10/22/2001 5:49:45 AM PDT by NYS_Eric

To: NYS_Eric
Check out this link:

http://work-rss.mail-abuse.org/rss/howtofix.html

It has good basic info and some pointers to people that can help.

2 posted on 10/22/2001 5:56:18 AM PDT by Fixit

To: NYS_Eric
Could be the SirCam email virus or an email worm.
I had a similar incident a couple of months ago. "Something" kept trying to send out emails (invisibly) from my home pc. I ran McAfee Virus program with no results. Finally had to re-format the hard drive and begin from scratch. (Re-formatting wasn't too involved, as I had done this a week before due to SirCam wiping my hard drive.)
SirCam deletes all files on the drive containing Windows. I think the invisible email being sent was some other kind of "worm" that came in a text-based (no attachment) email.
Run a virus checking program and see if it shows anything. That's about all I can suggest. Next step would be a re-format/re-install.
3 posted on 10/22/2001 6:00:42 AM PDT by TomGuy

To: TomGuy; Fixit
TomGuy: It's a Win2000 Server with all of the patches installed (for SirCam, etc.). I HOPE it doesn't come to re-formatting the hard drive.

FixIt: Got your links, thanks. I will start to read all of it to determine if there's any way our server is "open relay". Nothing on the SL Mail Control Panel for options stands out right now, but I will try and contact the vendor when they open on the West Coast to see what they say as well.

I'd like to make this kind of activity a felony. Grrr!

4 posted on 10/22/2001 6:06:59 AM PDT by NYS_Eric

To: NYS_Eric
99% sure that you're an open relay. Summarizing the link posted by Fixit: an open relay allows for people to send mail through it that isn't related to what is kept in the From: address.
The reason this is bad is that it is used by spammers to send mail through. Since they probably leave a fictitious return address, the admin of the site that received the mail will now look to you, as you're the last mail server listed in the headers as handling the mail.
It looks like mail-abuse has made it harder to check out if your server is a relay as it was being abused. You can use this handy little script I wrote to test it out.
You'll have to a) be on a remote system outside of your domain and b) be on a system with Perl's Net::SMTP module installed.
Oh and one last thing: you SHOULD be a relay to your internal people. If you don't allow internal people to send mail through your mail server then no one can send mail ;) Run it by passing it the IP address of your mail server. Change the "me\@example.com" to your own email address.

#!/usr/bin/perl -w
# Open-relay probe. Run it from a machine OUTSIDE the network of the server
# you are testing, and pass the server's IP or host name as the argument.
# It asks the server to carry mail from an outside address to an outside
# address; a properly configured server refuses that at the RCPT TO step.

use strict;
use Net::SMTP;

my $server = shift || die "Pass me a server to test!\n";

# Debug => 1 echoes the whole SMTP conversation so you see the reply codes.
my $smtp = Net::SMTP->new($server, Debug => 1, Port => 25, Timeout => 30)
    or die "Could not connect to $server on port 25: $@\n";

# Change this to your own address; if the server relays, the message lands there.
my $from = "me\@example.com";
my $to   = $from;

$smtp->mail($from)
    or die "MAIL FROM rejected: " . $smtp->code . " " . $smtp->message;

# A closed relay says no here, typically with a 550 "relaying denied".
unless ($smtp->to($to)) {
    print "Relay refused by $server: ", $smtp->code, " ", $smtp->message;
    $smtp->quit;
    exit 0;
}

# The recipient was accepted, so the server will relay for anyone: open relay.
print "WARNING: $server accepted an outside recipient: it looks like an open relay\n";

$smtp->data();
$smtp->datasend("To: $to\n");
$smtp->datasend("From: $from\n");
$smtp->datasend("Subject: Open relay test message\n");
$smtp->datasend("\n");
$smtp->datasend("A simple test message\n");
$smtp->dataend();

$smtp->quit;
5 posted on 10/22/2001 6:43:42 AM PDT by lelio
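lelio's point that the bounces come back to you because your server is the last hop in the headers also tells you where to look for the real source: the Received: line your own server added names the client that handed it the spam. The script below is an added example, not code from this thread or from SL Mail. It triages a batch of Mailer-Daemon bounces of the kind NYS_Eric describes, counts the target domains and pulls out the injecting client IPs. The bounces are constructed for the example, and every host name, address and IP in them is made up (documentation ranges and .example domains); OUR_MAIL_HOST is an assumed name for the abused server.

```python
"""Bounce triage: which domains were hit, and which outside clients used our
server as a relay.  Added example; the bounce text is constructed and all
hosts, addresses and IPs in it are made up."""
import re
from collections import Counter

OUR_MAIL_HOST = "mail.smallbiz.example"   # assumed name of the abused relay


def constructed_bounce(rcpt, client_ip):
    """Build one constructed bounce like those in the first post.  The bouncing
    site quotes the original headers, so our own Received: line is still there."""
    return f"""From: MAILER-DAEMON@yahoo.example
To: root@smallbiz.example
Subject: Fatal error sending message

Your message to {rcpt} cannot be delivered. The account is over quota.

--- Original message headers ---
Received: from {OUR_MAIL_HOST} ({OUR_MAIL_HOST} [203.0.113.10])
 by mta5.yahoo.example with SMTP; Sat, 20 Oct 2001 02:11:07 -0700
Received: from unknown (HELO win98box) ([{client_ip}])
 by {OUR_MAIL_HOST} with SMTP; Sat, 20 Oct 2001 02:10:59 -0700
From: "Casino Online" <promo@bogus-casino.example>
To: {rcpt}
Subject: Casino Online Gambling
"""


SAMPLE_BOUNCES = [
    constructed_bounce("user1234@yahoo.example", "198.51.100.77"),
    constructed_bounce("jane_doe77@yahoo.example", "198.51.100.77"),
    constructed_bounce("bob.smith@yahoo.example", "192.0.2.45"),
]

# A Received: header runs until the next line that does not start with
# whitespace (folded continuation lines are indented).
RECEIVED_RE = re.compile(r"^Received:(.*?)(?=^\S|\Z)", re.M | re.S)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
BOUNCED_TO_RE = re.compile(r"Your message to (\S+@\S+?) cannot be delivered")


def received_hops(bounce_text):
    """Received: headers in the order they appear (newest hop first), unfolded."""
    return [" ".join(m.group(1).split()) for m in RECEIVED_RE.finditer(bounce_text)]


def injecting_client(bounce_text, our_host=OUR_MAIL_HOST):
    """Find the hop our server added ('by our_host') and return the IP of the
    client that handed it the message.  That client, not our server, is the
    spam source worth blocking or reporting."""
    for hop in received_hops(bounce_text):
        by = BY_RE.search(hop)
        if by and by.group(1).rstrip(";,)").lower() == our_host:
            ip = IP_RE.search(hop[:by.start()])   # IP in the 'from' part only
            return ip.group(1) if ip else None
    return None


def triage(bounces, our_host=OUR_MAIL_HOST):
    """Summarise a batch: bounce count, targeted domains, relaying client IPs."""
    targets, sources = Counter(), Counter()
    for text in bounces:
        hit = BOUNCED_TO_RE.search(text)
        if hit:
            targets[hit.group(1).rsplit("@", 1)[1].lower()] += 1
        ip = injecting_client(text, our_host)
        if ip:
            sources[ip] += 1
    return {"bounces": len(bounces),
            "target_domains": dict(targets),
            "relay_clients": dict(sources)}


if __name__ == "__main__":
    print(triage(SAMPLE_BOUNCES))
```

Bounce formats vary, which is why this matches on the Received: trail with a regex rather than trying to parse the MIME structure; on a real spool you would feed it the 3,500 messages and expect a handful of client IPs to account for nearly all of them.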

To: lelio; Fixit
Just confirmed that the server WAS set as open relay. It was buried in one of the control panels on SL Mail, and the documentation said that this is the default (scary!).

I enabled filtering, and put in our LAN's private IP address range as the allowable exceptions. Hopefully this will fix it. I sure hope my domain didn't make it onto the spammers' block lists as a result of this weekend's happenings!

Anyway, thank you very much for the help. Freepers are the best!

6 posted on 10/22/2001 7:04:30 AM PDT by NYS_Eric

To: NYS_Eric
Hi,

We had the same problem on our mail servers. Spammers will use the "send" side, aka SMTP, to make it look like the spam is coming from you. What's happening is that any "bounced" mail also returns to you.

Many mail servers only require a log in with a password to receive mail. Our solution was to change our mail software to put a password on the send side.

I am not familiar with your particular mail server, you may have the ability to password protect your SMTP server already.

Note that when you do this, you will have to configure your mail clients to provide the SMTP password.

Good Luck,

Al

7 posted on 10/22/2001 9:38:41 AM PDT by ahariail
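Putting posts 5, 6 and 7 together, a mail server has three legitimate reasons to accept a recipient: the address is in a domain it delivers for, the client is on the trusted LAN (what NYS_Eric configured), or the client has authenticated on the send side (Al's fix). An open relay is a server that is missing the fourth case, the refusal. The code below is an added example, not code from this thread or from SL Mail: a toy SMTP command handler with that policy, replayed against the outside-to-outside exchange lelio's script performs. The domain, LAN range, account name and password in it are made up.

```python
"""Server-side relay policy: local domain, trusted network, or SMTP AUTH, else
550.  Added example, not SL Mail's code; domain, LAN range and account are
made up."""
import base64
import hmac
import ipaddress

LOCAL_DOMAINS = {"smallbiz.example"}                      # mail we are the destination for
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # the LAN range, as in post 6
USERS = {"eric": "correct horse battery"}                 # SMTP AUTH accounts, as in post 7


class SmtpSession:
    """Handles MAIL, RCPT and AUTH PLAIN for one client and returns the reply
    line the server would send.  Everything else is out of scope here."""

    def __init__(self, client_ip):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.authenticated = None
        self.accepted = []

    def _auth_plain(self, b64):
        # AUTH PLAIN carries base64("authzid\0authcid\0password"): encoded, not encrypted.
        try:
            _authz, user, passwd = base64.b64decode(b64).decode().split("\0")
        except (ValueError, UnicodeDecodeError):
            return "501 5.5.2 Cannot decode credentials"
        if user in USERS and hmac.compare_digest(USERS[user].encode(), passwd.encode()):
            self.authenticated = user
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"

    def _relay_reason(self, rcpt):
        """Why this recipient may be accepted, or None if it must be refused."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in LOCAL_DOMAINS:
            return "local delivery"
        if any(self.client_ip in net for net in TRUSTED_NETS):
            return "trusted network"
        if self.authenticated:
            return f"authenticated as {self.authenticated}"
        return None

    def command(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            mech, _, b64 = arg.partition(" ")
            if mech.upper() != "PLAIN" or not b64:
                return "504 5.5.4 Unrecognized authentication type"
            return self._auth_plain(b64)
        if verb == "MAIL":
            return "250 2.1.0 Sender ok"
        if verb == "RCPT":
            rcpt = arg.partition(":")[2].strip().strip("<>")
            reason = self._relay_reason(rcpt)
            if reason is None:
                # The check an open relay lacks: outside client, outside domain.
                return f"550 5.7.1 <{rcpt}>: Relay access denied"
            self.accepted.append(rcpt)
            return f"250 2.1.5 Recipient ok ({reason})"
        return "502 5.5.2 Command not implemented"


def rcpt_verdict(client_ip, rcpt="me@example.com", auth=None):
    """Replay lelio's probe (outside sender, outside recipient) from client_ip,
    after AUTH PLAIN if auth=(user, password) is given; return the RCPT reply."""
    session = SmtpSession(client_ip)
    if auth:
        cred = base64.b64encode("\0{}\0{}".format(*auth).encode()).decode()
        session.command(f"AUTH PLAIN {cred}")
    session.command("MAIL FROM:<me@example.com>")
    return session.command(f"RCPT TO:<{rcpt}>")


if __name__ == "__main__":
    cases = [("internet, no auth", "198.51.100.77", None),
             ("LAN client", "192.168.1.20", None),
             ("internet, good password", "198.51.100.77", ("eric", "correct horse battery")),
             ("internet, bad password", "198.51.100.77", ("eric", "guess"))]
    for label, ip, auth in cases:
        print(f"{label:25s} -> {rcpt_verdict(ip, auth=auth)}")
    print(f"{'inbound to local user':25s} -> {rcpt_verdict('198.51.100.77', 'root@smallbiz.example')}")
```

Two caveats worth keeping in mind. Trusting a LAN range means any machine in that range can relay, including a PC running the kind of mail-sending worm TomGuy describes, so the IP exception should be as narrow as the clients that really need it. And AUTH PLAIN only base64-encodes the password, so on a real server the send-side password should be required over an encrypted connection.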
