Tracking Outbound messages

Hello,

One of the users on our Exchange Server 2003 system is having a situation where it looks as though some program is sending out emails to other email addresses. The reason we know this is because a couple of times a day they are getting bounced email from one specific email address. We have run virus scans on both the user's computer and on the Exchange server. As of right now both computers appear to be free of viruses. However, this user is still getting the bounced emails.

I have looked at the Exchange system manager and used the message tracking center to look for emails that this user sent, but going through and looking at the message properties of each message seems like a very slow and clunky way to look for these messages. When I did a short search for a couple of days I did not see anything that was being sent from our system to the email address that is in question.

Is there any easy way of monitoring all of the outbound email that our exchange server is sending out?

Thanks in advance  

Asked by: apilkington

craskin Commented:
The message tracking center is pretty much the only built-in way (that I know of) to monitor outbound messages. But it does allow you to filter for quite a lot of things, like sender, recipient, time sent, etc. Have you tried just searching for all messages around the time of the NDRs sent to that address? NDRs are sent almost immediately by most servers, so if the email really did come from your network, you'd see it within a few minutes of that time frame. If you find nothing, you're probably OK. Remember that many worms spoof their sender addresses, so it could be that someone who has your user on his contact list has a worm that is spoofing your user's address when it sends out emails.

craskin Commented:
and in that case, the NDR would be delivered to your user by the recipient's server, not to the actual sender.
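
The spoofing case craskin describes can be checked from the NDR itself, because a bounce usually embeds the headers of the message that failed. The following is an added example, not part of the original thread: the sample NDR, host names and addresses are constructed, and `OUR_MAIL_HOSTS` is an assumed list of the names your own server writes into `Received` lines.

```python
import email
from email import policy

OUR_MAIL_HOSTS = {"mail.ourcompany.example"}  # assumption: names your Exchange server stamps in Received lines

# Constructed sample NDR (RFC 3464 multipart/report); every host and address is made up.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.recipient.example
To: user@ourcompany.example
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from web01.oldsite.example (web01.oldsite.example [192.0.2.10])
    by mx.recipient.example with ESMTP; Mon, 05 Mar 2007 10:15:00 -0500
From: user@ourcompany.example
To: nobody@recipient.example
Message-ID: <abc123@web01.oldsite.example>

--b1--
"""

def original_headers(ndr):
    """Headers of the bounced message embedded in the NDR, or None if absent."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if ctype == "message/rfc822":
            return part.get_payload(0)
    return None

def sent_through_us(ndr_text, our_hosts=OUR_MAIL_HOSTS):
    """True/False if the bounced message's Received chain names one of our hosts; None if unknown."""
    orig = original_headers(email.message_from_string(ndr_text, policy=policy.default))
    if orig is None:
        return None  # no embedded headers: fall back to a time-window search in message tracking
    hops = [str(h).lower() for h in orig.get_all("Received", [])]
    return any(host in hop for hop in hops for host in our_hosts)
```

A `None` result means the bounce carried no original headers, in which case the time-window search in the message tracking center is the remaining check.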

apilkington (Author) Commented:
To craskin, this makes sense to me and when I once again get some time to make this issue the priority I will try to look at this information.

To Venabili, just because this is a very low priority issue within our office does not mean that this question has been abandoned. It is more a case where for the last three weeks, other tasks have had higher priority than this particular issue within our office. If this question is closed then when I get back to the point of this task becoming a priority for me to work on I will be re-asking this question. By no way has this issue been resolved. Do whatever needs to be done but this issue is not as far as I am concerned an abandoned issue as far as I am concerned.

Venabili Commented:
If there are no comments in the last 21 days, it is abandoned.

And not answering to the experts for 3 weeks is rude. They volunteered their time to help you...

apilkington (Author) Commented:
Hello,

I would like to apologize for not answering to the experts who had attempted to answer the question that I had asked. I posted the question on a Friday afternoon when things seemed like they were slow. On Monday morning when I showed up at work and received the email showing I had a response to my question I also had other fires that had come up over the weekend that I needed to deal with. I think that even if I had tried to post a response to that message the response would have said something like "Thanks for the information, I will use this information when this issue becomes a priority again" and the question would still have sat waiting for me to get a chance to look into what was going on.

I have to really apologize for even asking the question when I did, because for the last four weeks researching this issue has been a priority of mine. If I had known how things were going to work out I would not have asked the question when I did.

Having said that, today this issue has finally made it back to being a priority of mine. I have been able to find out what is happening with these emails that are showing up. The emails that the NDR messages are in response to are not coming from within our domain, but rather are being sent from an email address that is related to an old website of one of our clients. The website that the messages are being sent from currently consists of an HTML page that redirects anyone browsing to this website to the website that we developed for this client.

The user within our office who is getting these emails was the user that we had set up to forward the emails for the old site to. What it appears that we need to do is gain access to the old site and change some settings. This is going to be a task for someone else within our company.

Thanks.  