Guys, i had a hack on my site (cause the host had an insecure iis_user password). I belive the hackers might have got a username / password to my exchange server from web.config.

My server is now black listed. http://www.spamcop.net/bl.shtml?91.84.42.57

Open relay ect is off. Is there anyway i can see outbound messages easy? Theres only a few accounts, and everything looks fine in the sent boxes.

Thanks all.

Ive just found a whole bunch of dodgy messages in the smtp outbound queue! Grrr.

Well if you know the user that's being used to send just disable the account. Once they've got user/pass there isn't much else you can do really.

ooo spamcop :) ... they are fun to deal with. You must have been putting out some traffic because I believe they use a system where you need to hit a certain number of there "spam traps" within a certain time period.

They are widely used to, we got hit by them once and most ISP's and gov departments etc wouldn't accept our emails.

We used our firewall to capture the outgoing email to get a better picture of what was happening.