Here is whats going on.

Someone emailed me the other day with just basic info(from me to someone, to me from someone, as well as text from the message) from an email I sent and/or received telling me that I'm insecure.

They won't tell me how they did it. The issue is it was sent to a mailing list and I'm not sure if that person is on it or not.

I'm running windows2000 and exchange 2000 with all the latest patches/service packs for both. Were in a Citrix Enviornment.

The mail server does have an external ip address and port 135 is open because we have customers who pull down there mail from exchange to there local desktop.

Any ideas or any additional information you need let me know. I'm verious anxious to know how they are doing this and such.