Might consider downloading iislockd. It is a tool provided by microsoft that goes through your IIS configuration and locks it down. There are several samples that are provided with IIS default installs that have many well known vulnerabilities, some of which can be used to relay mail.

There is also the M$ baseline security analyzer that will go through and analyze this stuff as well.

I would highly recommend looking into these.

Neb