

Exchange Message Tracking with only the sent Domain available not whole address?

Posted on 2005-04-13
Medium Priority
Last Modified: 2008-03-17
I am running Exchange 2003. I have used the message tracking center and it works great if you have the full address, from or to, that a message was sent to. I have been getting a few different messages in the Exchange Server 2003 Eventlog saying that messages to a particular domain, say dunlopdriver.com, have failed but it keeps trying to send, many times. IT ONLY GIVES THE DOMAIN NOT THE FULL EMAIL ADDRESS :(

My question is, is this merely a persistent user or is the machine infected with spyware or some other program? I wanted to know who was sending the message to that domain. I tried to do a search for all messages sent to: *@dunlopdriver.com but that does not work.

Anyone know how I can go about tracking all messages sent to a particular domain without knowing the full recipient email address?

Thanks for your help.
Question by:bwalan

Accepted Solution

Sembee earned 750 total points
ID: 13775909
Message tracking is good at what it is designed to do - track a particular message. It isn't too good at doing anything else.

The more recent viruses have tended to have their own SMTP server built in and will try and send directly. The trojans that make up botnets will send via the ISP's SMTP server.

Therefore I would say that this is a persistent user - especially if it is a single domain. What might be happening is that the message is not being sent, either because your server cannot resolve the address or it is being blocked.
If you look in the queues you may see messages to this domain listed.

Are you collecting copies of the NDRs? If not, you might want to. This will give you an idea of why the messages are failing.
I wouldn't use your own mailbox for NDR messages - and as you can't use a public folder you will need to use another mailbox.
Set the full email address (administrator@domain.com or whatever) in ESM, Admin Groups, <your admin group>, Servers, <your server>, Protocols, SMTP. Right-click on Default SMTP VS and choose Properties. Click on the tab "Messages".

Exchange MVP.

Author Comment

ID: 13781853
That's great advice and I'll take it, but is there a tool that I can purchase that will let me do wildcard searches on all sent items, such as: * for senders and *.domain.com for recipient?

Maybe there is no such tool?


Expert Comment

ID: 13784775
If you want stats out of Exchange then the best is Quest Message Stats. I have had a play with an evaluation version on a fairly high-traffic Exchange server and it was fantastic. It uses Message Tracking data, so if you already have Message Tracking enabled then you have information it can use immediately.


Expert Comment

ID: 13812230
Did you try putting just the domain name "dunlopdriver.com" in the message tracker?
Previous versions of Exchange permit this.
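
The wildcard search asked about in this thread (any sender, recipients at a domain or `*.domain`) can also be run directly over the message tracking log files. This is an added example, not code from the thread or from any product named in it. It assumes the logs are tab-separated text with a `#`-prefixed header row naming the columns `Recipient-Address`, `Sender-Address` and `MSGID`; the sample lines are constructed.

```python
import csv
from collections import Counter

# Assumed column names (not given on the page); check the '#' header row of your log.
RCPT_COL, SENDER_COL, MSGID_COL = "Recipient-Address", "Sender-Address", "MSGID"

# Constructed sample: tab-separated, reduced column set, '#'-prefixed header rows.
SAMPLE_LOG = "\n".join([
    "# Message Tracking Log File",
    "# Date\tTime\tRecipient-Address\tMSGID\tSender-Address",
    "2005-4-13\t9:01:10 GMT\tjoe@dunlopdriver.com\tm1@mail.example\talice@corp.example",
    "2005-4-13\t9:01:12 GMT\tjoe@dunlopdriver.com\tm1@mail.example\talice@corp.example",
    "2005-4-13\t9:16:40 GMT\tJoe@DunlopDriver.com\tm2@mail.example\talice@corp.example",
    "2005-4-13\t9:20:05 GMT\tsales@mail.dunlopdriver.com\tm3@mail.example\tbob@corp.example",
    "2005-4-13\t9:21:30 GMT\tx@notdunlopdriver.com\tm4@mail.example\tcarol@corp.example",
])


def senders_to_domain(lines, domain):
    """Count distinct messages per sender with a recipient at `domain` or a subdomain."""
    domain = domain.lower().lstrip("@")
    header, seen, counts = None, set(), Counter()
    for row in csv.reader(lines, delimiter="\t", quoting=csv.QUOTE_NONE):
        if not row:
            continue
        if row[0].startswith("#"):
            fields = [row[0].lstrip("# ")] + row[1:]
            if RCPT_COL in fields and SENDER_COL in fields:
                header = fields  # the field-list row; other '#' rows are skipped
            continue
        if header is None or len(row) < len(header):
            continue  # no usable header yet, or a truncated row
        rec = dict(zip(header, row))
        rcpt_domain = rec[RCPT_COL].rpartition("@")[2].strip("<> ").lower()
        if rcpt_domain != domain and not rcpt_domain.endswith("." + domain):
            continue  # suffix check needs the dot, or notdunlopdriver.com would match
        sender = rec[SENDER_COL].strip("<> ").lower()
        key = (sender, rec.get(MSGID_COL, "\t".join(row)))
        if key not in seen:  # one message is logged on several rows
            seen.add(key)
            counts[sender] += 1
    return counts


if __name__ == "__main__":
    hits = senders_to_domain(SAMPLE_LOG.splitlines(), "dunlopdriver.com")
    for sender, n in hits.most_common():
        print(n, sender)
```

A single internal sender with a steady count points to a persistent user; many senders, or sender addresses that do not exist in the organisation, are worth checking against the SMTP queues and NDR copies mentioned in the accepted answer.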
