?
Solved

HELP... I need to find the internal IP address of an outlook client in Exchange 2003

Posted on 2006-10-24
9
Medium Priority
?
218 Views
Last Modified: 2010-03-06
This is the issue... I may have an outlook client that is sending spam. How can I find out the clients IP that is sending the spam to the exchange server.
I have tried logging and it isn't descrptive enough. The spam has a blank from address so I can't track it that way.

0
Comment
Question by:dheffley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 17795775
If it is coming from Outlook, then I am sure that the outgoing spam will actually have the correct sender's name, since Exchange always uses the default SMTP address as the sender.  You can probably find the suspected items listed in your outgoing SMTP queues.

Of course, the spam may not be coming from Outlook at all (although that was where the client got infected) - it may be coming from a stand-alone SMTP server installed on the workstation by a trojan.

Are you sure that the spam is actually going through the Exchange server in some way?
0
 

Author Comment

by:dheffley
ID: 17795921
I am fairly sure that it is a client due to the fact that I pay for an external mail relay service and the only machine that has the login information to the service is the exchange server. The Service provides me the originating ip of the email and it is my exchange server.
0
 

Author Comment

by:dheffley
ID: 17795943
I was just thinking after my last post that if a virus gets on a pc; do you think that it could sniff and find an exchange server and utilize it with its own SMTP engine but uses exchange for email routing and delivery?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 17795976
Are you sure that it is spam that is originating from your server?  The blank From address might indicate that the mails are simply NDRs sent back out by your server in response to incoming (but badly addressed) spam attempts.  I think it's rare to see spam with no From address, whereas NDRs need a blank From address to avoid creating mail loops.
0
 

Author Comment

by:dheffley
ID: 17796180
That is a possibility... Does exchange send a NDR by default?
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 1000 total points
ID: 17796258
Yes, but you can turn them off in ESM.  Global settings, Internet Message Formats, Default, Advanced, Allow Non-delivery Reports.
0
 

Author Comment

by:dheffley
ID: 17796553
I will check it out and let you know...
0
 

Author Comment

by:dheffley
ID: 17797098
Thanks a million... It was the exchange server sending the NDRs that was causing the issue.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 17797386
You're welcome.  It's a very common problem, mistaking NDRs for outgoing spam.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question