The quick answer is very. I recently had the delight to be presented with a 2003 SBS machine that was sending out thousands of SPAM email messages. At first i thought “open relay” but no, a quick telnet and attempt to send an email as an outside domain failed, so that wasnt the issue.
The big problem was that this was an Econel 50 machine, with 1GB of RAM, and is 5 years + old. The SPAM was killing the machine.
I enabled every part of logging that i could, up to the highest level, but my main issue came from the SMTP logs. There was no source IP being detailed at all. And when i closed the SMTP port on the router/firewall, the queues stayed filling up.
I started to look around, and came across the security log in the eventvwr and say a user logging in and out almost 100 times in the space of thirty minutes. Whats more, i knew that this user was no longer in use. I immediately disabled the user, changed the password on the user, and cleared the queue. I then opened up the various ports, turned exchange back on, and boom, spam gone.
Seems that a generic user with a generic password was the culprit. so if you setup a “sales” or “marketing” or “teacher” user, pleease do NOT use the same as the password!!