I have found that several spammers are exploiting weak or non-existent passwords on some MS Exchange servers using external SMTP authentication. I have also found out (through Tech Net) how to turn on logging for SMTP authentication and see what account is being abused for this purpose. However, this is too reactive of an approach. Does anyone know of a way or a tool to audit existing servers for weak or non-existent SMTP passwords? byron