You might try to run the <a href=”http://www.microsoft.com/downloads/details.aspx?familyid=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en”>Microsoft Exchange Best Practices analyzer</a> against the server. Also, look at any machines that are allowed to relay through the exchange server. It may very well be that the exchange server is acting blindly on a <i>trusted </i>machine’s behalf that is the one comprimised.
Here is a MSKB article <a href=”http://support.microsoft.com/kb/324958″>http://support.microsoft.com/kb/324958</a> and here is the Exchange Server 2003 Security Hardening Guide <a href=”http://www.microsoft.com/downloads/details.aspx?FamilyId=6A80711F-E5C9-4AEF-9A44-504DB09B9065&displaylang=en”>http://www.microsoft.com/downloads/details.aspx?FamilyId=6A80711F-E5C9-4AEF-9A44-504DB09B9065&displaylang=en</a>.
You will need to start by locking down the IIS service on your Server. Open Start > Programs > Admin Tools > Internet Information Services. Navigate to the SMTP server and right click on it and select properties. Make sure that only the local host can send SMTP emails or only add the hosts that need to relay— however, you might consider setting up another server to accept any relay traffic you might need to generate. This way if someone reports your messages as spam they are coming from your relay server and not your e-mail server.
Then run a virus scan and spyware scan on your SBS server and all your client machines to ensure that no one has a virus or spyware running on the system.