Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

HELP... I need to find the internal IP address of an outlook client in Exchange 2003

This is the issue... I may have an outlook client that is sending spam. How can I find out the clients IP that is sending the spam to the exchange server.
I have tried logging and it isn't descrptive enough. The spam has a blank from address so I can't track it that way.

0
dheffley
Asked:
dheffley
  • 5
  • 4
1 Solution
 
LeeDerbyshireCommented:
If it is coming from Outlook, then I am sure that the outgoing spam will actually have the correct sender's name, since Exchange always uses the default SMTP address as the sender.  You can probably find the suspected items listed in your outgoing SMTP queues.

Of course, the spam may not be coming from Outlook at all (although that was where the client got infected) - it may be coming from a stand-alone SMTP server installed on the workstation by a trojan.

Are you sure that the spam is actually going through the Exchange server in some way?
0
 
dheffleyAuthor Commented:
I am fairly sure that it is a client due to the fact that I pay for an external mail relay service and the only machine that has the login information to the service is the exchange server. The Service provides me the originating ip of the email and it is my exchange server.
0
 
dheffleyAuthor Commented:
I was just thinking after my last post that if a virus gets on a pc; do you think that it could sniff and find an exchange server and utilize it with its own SMTP engine but uses exchange for email routing and delivery?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LeeDerbyshireCommented:
Are you sure that it is spam that is originating from your server?  The blank From address might indicate that the mails are simply NDRs sent back out by your server in response to incoming (but badly addressed) spam attempts.  I think it's rare to see spam with no From address, whereas NDRs need a blank From address to avoid creating mail loops.
0
 
dheffleyAuthor Commented:
That is a possibility... Does exchange send a NDR by default?
0
 
LeeDerbyshireCommented:
Yes, but you can turn them off in ESM.  Global settings, Internet Message Formats, Default, Advanced, Allow Non-delivery Reports.
0
 
dheffleyAuthor Commented:
I will check it out and let you know...
0
 
dheffleyAuthor Commented:
Thanks a million... It was the exchange server sending the NDRs that was causing the issue.
0
 
LeeDerbyshireCommented:
You're welcome.  It's a very common problem, mistaking NDRs for outgoing spam.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now