[Looks like I'll give up on UTF with all the broken clients out there....sorry for the inconvenience.]
> When I reset the password on the two accounts that were sending all the > spam, it stopped and hasn't returned so the only conclusion I've come up > with is that these two accounts got their password stolen, and then some > script or bot accessed their OWA account and sent all the spam. > > Does that sound possible/logical? Sounds like the users where phished and from what I've heard, this is very common at edu's. You might want to check out installing something like Untangle which has an anti-phishing filter <http://www.untangle.com/> in front of your mail server(s). If you're motivated enough to install a Linux based mail gateway you may be able to use this nifty scanning software called Kochi which actually tries to authenticate to your AD: <http://oss.lboro.ac.uk/kochi1.html> I guess there's some client based tools too to stem the flow of passwords through the browser, check out the Wikipedia article for a list of things to try: http://en.wikipedia.org/wiki/Anti-phishing_software ~JasonG
