I have a number of security groups and distributions groups in my Active directory (2003). They are located with the standard "users" accounts and control mail distribution lists and security group access for my domain. I have just noticed when i went to delete an old security group that their seems to be an exchange mailbox attached to each group, secuity and distribution. It pops up a box and asks if i wish to remove the mailbox associated with the object, which is an old security group. When I go to the Exchange System Manager their is no mailboxes listed for any of the groups. Is this a normal part of how AD works with Exchange could it be malicious. We have had a lot of spam since a breaking and it seems like every email address gets a fair amount, even new users.

We use all Server 2003 and have our own Exchange server that is also the Main DC and the File server doubles as a secondary DC ,hosts files, printers, and DHCP.

My question is it possible someone have hijacked groups or did something to the exchange server to harvest our emails and possibly other information via sending emails in the background. We do have port 25 open in/out on the firewall for SMPT Traffic.

Thank you for any help you could give me...