Hi Todd Depending on what firewall you have, can you allow only the Exchange server outbound SMTP access and then check the logs to see what IP address is sending the messages in the firewall logs? It may not be the Exchange server Also it might be worth doing message tracking on one of the messages to ensure it did or didn't go from the Exchange server. If a machine has a virus it may not be going from the Exchange server. It may be doing the SMTP itself. Whilst you cannot relay from outside you may be able to internally too. You should check that too. A virus infected PC could submit messages if could relay or as mentioned previously it could send directly if can go out directly on port 25. Regards, Paul Lemonidis. From: Todd Lemmiksoo Sent: Friday, January 29, 2010 3:22 PM To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] How to find a PC that is sending rogue emails? I have a situation where emails from memberservice@xxxxxxxxxxxx are being routed through my exchange 2003 server. I have scanned every PC in the company and all but a few remote users without finding it. I taken to stopping the outbound message queue at night and deleting the messages in the morning. Is there something I can do on the exchange server to stop the emails from being accepted by Exchange? I have tested my server from the internet and it does not relay. My server is mail.all-mode.com 24.97.109.58 Help! Todd Lemmiksoo Network Administrator All-Mode Communications 1725 Dryden Road Freeville, NY 13068 1-877-all-mode