[BNM] Exchange Server 2000 Relay Abuse? - Help!

Alan Braddish alan at webspoke.co.uk
Tue Apr 11 14:40:19 BST 2006


Hi All,

A client of mine is running an Exchange 2000 Server, and we have noticed
that in the last 5 days, over 300,000 emails have been scanned by the
TrendMicro Scanmail program running on the server.

There is no way my client is generating that many emails, so we were
wondering whether the server is being used as an open-relay for spammers? 

I found some documents on the web that describe how to lock down Exchange so
that it's not used as an open-relay (by default Exchange is supposed to be
configured correctly/safely in this regard), and the settings seem to be in
order; however, how then can one explain 300,000 emails going through the
server over the last 5 days?

The server is up-to-date with Windows Updates, but doesn't have an
anti-virus scanner in Windows, other than the ScanMail program used on
Exchange itself.  I guess the server could be infected somehow, but I feel
this is unlikely...?

If anybody has any suggestions on ways forward, I'd be very grateful.  If it
comes down to it, my client is willing to hire somebody with relevant
experience to come in and troubleshoot the situation, after I have addressed
the basic security concerns.

Thanks.
Alan




