Improve company productivity with a Business Account.Sign Up

x
?
Solved

How do I view Admin email sent externally?

Posted on 2008-06-10
6
Medium Priority
?
254 Views
Last Modified: 2011-10-19
I am running SBS2003 with Exchange.  Whenever I recieve my Server Usage Report I notice that the Administrator account sends out 100-150 emails, but only about 25% of them are internal recipients, the rest are external recipients.  (In my last report I had 115 emails sent, with 27 internal recipients, and 88 external recipients.)

I am assuming that these are NDR's that are being sent out whenever we receive random spam, but I am not sure.

How do I view Admin email sent to external recipients so I can confirm that my Admin account is not comprimised and sending out spam?

Thank you!  =)
0
Comment
Question by:EdgeTod
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755805
Open up the Admin mailbox from OWA and check and see whats in the sent items...
0
 

Author Comment

by:EdgeTod
ID: 21755875
Thank you for the suggestion.

When I go to OWA for the admin account, the Sent Items folder is empty.  It does not appear that any of the sent emails (internal or external) are stored/logged here.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755901
Use the message tracking feature through exchange.  This will show you if any has been sent.  It will not show you what was sent (ie you wont be able to open the email)
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:EdgeTod
ID: 21959575
After looking through the message I see plenty of messages sent by my admin account that are sent to random addresses with no subject in the report header.

I assume these are NDR's to spam email that we recieve?  I can not tell though.  I would expect to see a subject in the report header.

Attached is a screenshot of one of the messages from the message tracking.

Is there a way to tell what is in the message?  Maybe have sent emails cc'd to me?
tracking.jpg
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 2000 total points
ID: 21964368
The message tracking shows just what you see it wont show you the email.  For that you need some sort of capability such as email backups or journaling.
Journaling basically stores a copy of every email send in and out of the organization.
Obviously the downside is the size of that account will grow very large.

At this point unless you have some sort of email archiving in place the only thing you can do is turn on journaling.  This wil allow you to see the contents.

I would advise running your machine for virii and change the admin password immediately.

http://technet.microsoft.com/en-us/library/aa997525.aspx
0
 

Author Comment

by:EdgeTod
ID: 21969007
Thank you.  I will try to start journaling so I can get a handle on what emails are being sent out.

I've got a virus package on it so I'll check the latest scan logs and make sure the scans are being done.

I'll also change the admin password just to make sure the backdoor is actually closed.

Thank you!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Migrating Exchange data from one Exchange Server to another server is complicated. Though Exchange administrators can try manual methods to migrate their data from one version of Exchange to another, these manual methods are not that reliable. That…
Are you working to mount the dismounted Exchange 2013 database? Then the best course of action is to analyze the causes of Database issue, their probable solutions and decide for the appropriate course of action.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question