I was recently informed by my ISP that I am sending a lot of SPAM that contains Phishing attacks. I looked at all of the MSKB articles regarding securing Exchange Server and locking down the network. I turned up logging to max and have been receiving the following events in the application log:

EventID: 7010

This is an SMTP protocol log for virtual server ID 1, connection #48. The client at "188.8.131.52" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 1008 2". This will probably cause the connection to fail.

My first question is how do I view the "connection" referenced in the event log, i.e. how do I view connection #48? Second, how can I stop this? I have locked down my firewall, locked down my Exchange server, I don't know what else to do. My IP has been blocked on a lot of blacklists but I don't want to request it be removed until I have figured out where the backdoor to my system is that is letting people send spam off my IP address. I have also isolated my server and all computers from the internet and run a full virus scan and spyware scan on everything.

I am finally at my last resort because I have tried everything I know of to analyze this thing. Thank you for your time.