?
Solved

Monitoring outgoing email from Exchange 2003

Posted on 2007-12-06
6
Medium Priority
?
1,639 Views
Last Modified: 2012-11-03
Hey Guys,

Been Googling ways to somehow monitor my outgoing email traffic from my Exchange 2003 email server.
Is there a way to do this from within exchange? I see queues but not exactly what the emails are.
I recieve a ton of Spam but I am unsure if we are sending out spam ourselves. I can read my firewall logs shwoing me the tons of email we recieve and we are just a 50 employee company.

Are there some free tools or inexpensive tools that can do what I have metioned above?
I am also been perusing Slipstick but i haven't gotten any answers. This forum usually has some great advise.

Thanks in Advance.
0
Comment
Question by:NetNinja
  • 2
  • 2
  • 2
6 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20421942
If your server is being abused, then it is normally obvious by the queues. However if you are sending outbound email through your ISP then you wouldn't see the queues.

Do you have recipient filtering enabled? If not, turn it on. http://www.amset.info/exchange/filter-unknown.asp

Message tracking should give you an idea of what is going through the server.
http://www.amset.info/exchange/message-tracking.asp

Are you using IMF?

Simon.
0
 

Author Comment

by:NetNinja
ID: 20422602
Simon,

yes I am using IMF. However I did not have the option "Filter Recipients who are not in the directory" option checked.
I also added the TarPit to my registry.
Funny how easy it is to miss these check boxes.
Hopefully that stems the tide a little bit.


I have looked at the other link you sent me.
I have enabled thge logging and set it for 5 days worth of logs because of the ammount of email that is flowing in.

Tracking messages is rather tedious because you have to click on each individual one and then try to determine if it's a legitimate email. Some are easy because they are not from anyone particular in the company, but then we are trying to track a trend so it may stick out like a sore thumb.

What I am seeing is that my IP address from my network keeps getting added to the SPAM Blacklists. Pissing me off royaly because it's so hard to track down that sort of thing.



0
 
LVL 104

Expert Comment

by:Sembee
ID: 20422989
Are you sending email out directly or using a smart host?
Do you have more than one external IP address?
It doesn't have to be your server that is causing the blacklisting - it could be a client.

Simon.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 31

Expert Comment

by:rid
ID: 20423382
It's not unlikely that the NDRs are the culprit - you're sending NDR spam by being spammed. Seems popular nowadays. Also, I noticed that users who set an "out-of-office" autoreply cause considerable outgoing traffic and I have tried to disencourage my users to set that sort of thing. Even if the system is "smart" and replies one time only to any specific sender.... there are such a lot of spammers....
/RID
0
 
LVL 31

Expert Comment

by:rid
ID: 20423391
Sorry, a mistake in the tense here; since you've enabled the user filtering, it should of course be "NDRs were the culprit" and "you were sending..."
/RID
0
 

Author Comment

by:NetNinja
ID: 20502835
Simon,

Thanks so much, What I ended up doing was using IPchains on a linux box and closed down any SMTP traffic other than Exchange.

I was not able to find the culprit. We have been off the spam list for a week now So maybe it was a rogue machine.

0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This is a very interesting topic. Ransomware has been around for a while but has increased drastically over the last year or so.
Fix RPC Server is unavailable Error in Exchange 2013, 2010, 2007, and 2003 Server. Different reason can such as network connectivity issue, name resolution issue, firewall, registry corruption that lead to RPC Server Unavailable error.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question