• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

Track email

I have an email that a user received from himself. It says his name in the from and to fields. Is there any way to track where this email came from and who sent it disguised as the user? We use exchange 2003
3 Solutions
You can look at the email headers.  It will give you hints as to the source of the email.  

Right click the email and select options in the Inbox view.

The Internet Headers will give you some idea on where it came from.
rajarorausAuthor Commented:
I have already tried that and this particular email does not show any headers. I also tracked the email in exchange system manager and I only shows as being sent from the same person to himself.
That means that it was sent from your own server.  

So, there are a couple of things here.

Do you have an open relay?  Not likely, but it's possible.  

The email was sent from another user on your network.

This could also be some malware on the network that is using addressbook entries.  

If there are no message headers and ESM Message Tracking shows that the user sent it to himself, then either:

a) The user did send it to himself;
b) Someone has compromised the security of the user's account with their username and password and sent the message to the user using his credentials whilst logged in to the Exchange server. As it is local, it wouldn't show any headers. This could be through OWA, SMTP account etc.

I would assume it's the latter, in which case you should immediately change the user's password. You can also examine the IIS logs to look at OWA activity for this particular user; do a search for W3SVC1 and the log files for IIS's default website are in there, sorted by date.

It could also be someone with Send As permissions.
You should check who has Send As and whether anyone can send as anyone else.


If your question has been answered, pleased remember to accept the answer and close the question.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now