There are basically three ways an Exchange 2003 server can be abused.
Open Relay
Authenticated relay
NDR spam.
Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.
NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.
My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.aspSimon.