User sending out massive amounts of spam - ORF Forums

I'm running Windows 2003 with Exchange 2003. I currently have a user that started sending massive amounts of spam over the weekend. 12,000+ emails w/ many recipients. I checked my spam filter (ORF Enterprise 4.4) & Message Tracker Center, which says mail is being send from her account.

I had her log off her PC and we changed her password on another PC (in case it was compromised) and i currently have her account set to disabled after we changed the password. Both the logs in exchange and ORF are showing she is STILL sending ton of emails out.

Where can i look to check if the spammer is sending emails out through another account but using her email as a spoof? or is there a way to stop this from happening in ORF? Below is just a few from the spam log. each "releated ip" sends out about 25 emails.


----------------------------------------------------------------
Version: 4.4 REGISTERED
Log Mode: Verbose
Server:
Source: SMTPSVC-1
Time: 5/6/2013 5:08:02 PM
Class: System Message
Severity: Information
Filtering Point: Non-filtering
HELO/EHLO Domain:
Related IP: 207.30.43.122
Message ID:
Sender:
Recipient(s):
----------------------------------------------------------------
Version: 4.4 REGISTERED
Log Mode: Verbose
Server:
Source: SMTPSVC-1
Time: 5/6/2013 5:07:58 PM
Class: System Message
Severity: Information
Filtering Point: Non-filtering
HELO/EHLO Domain:
Related IP: 216.155.116.106
Message ID:
Sender:
Recipient(s):

solved this issue. forgot about my exchange queue.

Is there anything that ORF can do w/ blocking a "set" amount of emails in a certain amount of time?

-Erik

No, but Exchange 2007 and higher has this capability.
http://technet.microsoft.com/en-us/library/bb232205%28v=exchg.80%29.aspx

Your firewall also can likely rate limit based on protocol, sender/receiver, depending on model.

Plan to upgrade to exchange 2013 in July. Thanks for the link indy!