I am concerned that we are sending spam from our computers or Exchange server. I have corporate antivirus software and Symantec Mail Security for Exchange server, but I am seeing some strange things in the event log when I turn on Diagnostic Logging. We have a single domain controller and a single Exchange Server 2003 member server, all running on Windows 2003 Server.
What I am trying to see is all the email that is being sent to the outside world (internet) through our Exchange Server. In Diagnostic Logging, I have enabled "Transport General", "Transport Sending", and "Transport Delivering" on an individual basis, then watched the event log to see what it reports. I am still slightly confused by what it means when I have "Sending" and "Delivering" turned on. What I mean is, does Sending mean that email is coming to our server and being sent to our internal users, or does Sending mean when our users send email to external domains (and vice versa)? Regardless, my event viewer is reporting messages like:
Message was successfully delivered to <Kilauea163210firstname.lastname@example.org> on /o="My Domain"/ou=First Administrative Group/cn=Recipients/cn=jjacot.
Internet Msg Id:First Storage Group\Mailbox Store (MAIL-SERVER).
Does this mean that this message from flonetwork.com was sent BY jjacot or sent TO jjacot? jjacot is a user in my office, and I am just trying to figure out if his computer is sending messages on its own... jjacot has not been in the office all day, but his computer is turned on and logged in.
It doesn't seem to matter which of the "Transport Gen/Send/Deliver" I have enabled. The event viewer messages still reflect the same things. I sent a test email from my Outlook to my Yahoo account and didn't see any event logged about the message being sent. Is there a place where I can see all the emails going out from my network?