Someone is using one of my clients servers as a relay. We thought we had fixed the issue and locked everything down internally as thought that was where it was coming from - also locked down in Domino server doc due to some suggestions made by you guys / research etc, but have noticed a sudden increase in the number of nonsense emails going out to random addresses from there again... Server is set up with message labs. Firewall is a bit sus - Its set that ALL WAN traffic in is denied apart from some specific traffic - message labs on port 25, and LAN traffic is allowed out. The firewall is still allowing you to telnet into the server though??!?... Any ideas??