Wow…. I do feel for you! I agree that your sysadmins are not as technically skilled as they may think they are or making those who hired them believe they are.
The first thing to do is to remove the ability to relay e-mail off your server. This is not a normal condition for a company e-mail server except for permitted parties and even then relay is not a good thing. Right now your mail server is an open relay. This is why you are getting nastygrams from other companies and the real reason that sometimes your company’s legitimate outbound mail is being spam filtered (companies tend to blacklist/blackhole known relay sources). It really does not have to do with the PTR record or reverse DNS. I have had other companies tell me that but actually they don’t understand how to whitelist a company or that not all organizations really do have PTR records setup that match their inbound MX records. I don’t know myself how to remove the open relay settings on Exchange so someone else will have to help you there.
As far as the password issue goes…. my answer to that is bullhockey!! Why can’t the passwords be changed? They should be the same as the users’ Active Directory passwords (if Exchange is AD integrated) or something else, but there should be no reason why all users should have the same password!! This sounds like someone wants to be able to get into other folks’ mailboxes without them knowing that it happened.
I think you should find a good implementation partner and go implement Exchange 2007 and not migrate any of the old e-mail over to the new platform. Implement a pristine and competently managed environment (not by your local sysadmin staff). Take ownership of it and tell the sysadmins they are responsible for desktop support and the servers are yours.
I would be glad to talk to you more about this situation. If you ask a moderator to contact me on your behalf, they will let me know your contact information to get back to you on this issue.
You can remove the open relay ability in Exchange 2003 by opening Exchange System Manager and selecting Servers > (your server name) > Protocols > SMTP and right-clicking “Default SMTP Virtual Server” (or whatever it might be named).
Choose “Properties” from that list. Under the Access tab, click “Relay”. You really only need to allow localhost (127.0.0.1) and your server’s private IP address to relay if your network is set up properly, so choose “Only the list below” and add these two IP addresses to the list. You should also make sure the box to “allow all computers which successfully authenticate to relay” is checked, so that your users will be able to send email out. After this, head over to mxtoolbox.com and run their Diagnostics test, which will, among other things, check if your server is operating as an open relay.
While you’re there, you should also check your domain in their Blacklist checker. If you are blacklisted on any of the RBLs, you will have to contact them to get removed (which is not the easiest thing in the world).
As for setting up reverse DNS, you will have to contact your ISP tech support and ask them to set up a PTR record for your domain.
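An added self-check for the relay restriction described in the reply above (my own example, not the poster's steps or mxtoolbox's tool): it runs only the envelope phase of one SMTP session against the server you administer and reports whether a recipient in an unrelated domain is refused. The host name on the command line and both probe addresses are assumptions.

```python
import smtplib
import sys

# Constructed probe addresses in domains the server should not accept mail for.
# Only EHLO, MAIL FROM and RCPT TO are sent, followed by RSET, so no message
# is ever queued or delivered.
PROBE_SENDER = "relay-probe@example.com"
PROBE_RCPT = "relay-probe@example.net"


def probe_relay(conn, sender=PROBE_SENDER, rcpt=PROBE_RCPT):
    """conn is a connected smtplib.SMTP-like object.

    Returns (verdict, rcpt_code): "relay-denied" when the server rejects the
    foreign recipient, "open-relay" when it accepts it, and "inconclusive"
    when MAIL FROM itself was refused (so RCPT TO was never evaluated).
    """
    conn.ehlo_or_helo_if_needed()
    code, _ = conn.mail(sender)
    if code != 250:
        conn.rset()
        return ("inconclusive", code)
    code, _ = conn.rcpt(rcpt)
    conn.rset()  # abandon the envelope; nothing is delivered
    if code in (250, 251):
        return ("open-relay", code)
    return ("relay-denied", code)


def check_server(host, port=25, timeout=15):
    """Connect to the server being audited (hypothetical host from argv)
    and run the probe; the context manager sends QUIT on exit."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        return probe_relay(conn)


if __name__ == "__main__":
    target = sys.argv[1]
    verdict, code = check_server(target)
    print(f"{target}: {verdict} (RCPT TO answered {code})")
```

Run it from a host outside the allowed relay list; after the change described above the expected verdict is "relay-denied".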