HELP... I need to find the internal IP address of an Outlook client in Exchange 2003

dheffley asked
Last Modified: 2010-03-06
This is the issue... I may have an Outlook client that is sending spam. How can I find out the client's IP that is sending the spam to the Exchange server?
I have tried logging and it isn't descriptive enough. The spam has a blank from address so I can't track it that way.


CERTIFIED EXPERT

Commented:
If it is coming from Outlook, then I am sure that the outgoing spam will actually have the correct sender's name, since Exchange always uses the default SMTP address as the sender.  You can probably find the suspected items listed in your outgoing SMTP queues.

Of course, the spam may not be coming from Outlook at all (although that was where the client got infected) - it may be coming from a stand-alone SMTP server installed on the workstation by a trojan.

Are you sure that the spam is actually going through the Exchange server in some way?

Author

Commented:
I am fairly sure that it is a client due to the fact that I pay for an external mail relay service and the only machine that has the login information to the service is the Exchange server. The service provides me the originating IP of the email and it is my Exchange server.

Author

Commented:
I was just thinking after my last post that if a virus gets on a PC, do you think that it could sniff and find an Exchange server and utilize it with its own SMTP engine but use Exchange for email routing and delivery?
CERTIFIED EXPERT

Commented:
Are you sure that it is spam that is originating from your server?  The blank From address might indicate that the mails are simply NDRs sent back out by your server in response to incoming (but badly addressed) spam attempts.  I think it's rare to see spam with no From address, whereas NDRs need a blank From address to avoid creating mail loops.

Author

Commented:
That is a possibility... Does Exchange send an NDR by default?
CERTIFIED EXPERT
Commented:
Yes, but you can turn them off in ESM.  Global settings, Internet Message Formats, Default, Advanced, Allow Non-delivery Reports.


Author

Commented:
I will check it out and let you know...

Author

Commented:
Thanks a million... It was the Exchange server sending the NDRs that was causing the issue.
CERTIFIED EXPERT

Commented:
You're welcome.  It's a very common problem, mistaking NDRs for outgoing spam.
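
The check discussed in this thread (a blank sender usually means NDRs answering badly addressed inbound mail, not outgoing spam), as an added example that is not part of the original thread. It assumes the NDRs are RFC 3464 delivery status notifications and that each queued message can be exported together with its envelope sender; `classify`, `summarize`, `sample_ndr` and all sample messages are constructed for illustration.

```python
import email
from collections import Counter

def classify(envelope_from, raw):
    """Label a queued message 'ndr', 'null-sender-other' or 'normal'."""
    msg = email.message_from_string(raw)
    null_sender = envelope_from.strip() in ("", "<>")  # the "blank From"
    is_dsn = (msg.get_content_type() == "multipart/report" and
              str(msg.get_param("report-type", "")).lower() == "delivery-status")
    failed = []
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            # Each header block of the status part is parsed as a sub-message.
            for block in part.get_payload():
                if str(block.get("Action", "")).strip().lower() == "failed":
                    rcpt = str(block.get("Final-Recipient", ""))
                    failed.append(rcpt.split(";", 1)[-1].strip().lower())
    kind = "ndr" if null_sender and is_dsn else (
        "null-sender-other" if null_sender else "normal")
    return {"kind": kind, "failed_recipients": failed}

def summarize(queue):
    """queue: iterable of (envelope_from, raw_message) pairs."""
    kinds, bad_rcpts = Counter(), Counter()
    for envelope_from, raw in queue:
        result = classify(envelope_from, raw)
        kinds[result["kind"]] += 1
        bad_rcpts.update(result["failed_recipients"])
    return kinds, bad_rcpts

def sample_ndr(bad_rcpt):
    """Constructed NDR for a nonexistent local address (not a real capture)."""
    return (
        "From: postmaster@example.com\nTo: forged@example.net\n"
        "Subject: Undeliverable\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mail.example.com\n\n"
        f"Final-Recipient: rfc822; {bad_rcpt}\nAction: failed\nStatus: 5.1.1\n\n"
        "--b1--\n")

SAMPLE_QUEUE = [  # constructed sample data
    ("<>", sample_ndr("nosuchuser@example.com")),
    ("<>", sample_ndr("sales99@example.com")),
    ("<>", sample_ndr("nosuchuser@example.com")),
    ("<alice@example.com>", "From: alice@example.com\nSubject: Minutes\n\nSee attached.\n"),
]

print(summarize(SAMPLE_QUEUE))
```

A queue dominated by `ndr` entries whose failed recipients are addresses that do not exist locally points to bounce traffic; `null-sender-other` entries are the ones that deserve a closer look.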