?
Solved

How do I view Admin email sent externally?

Posted on 2008-06-10
6
Medium Priority
?
245 Views
Last Modified: 2011-10-19
I am running SBS2003 with Exchange.  Whenever I recieve my Server Usage Report I notice that the Administrator account sends out 100-150 emails, but only about 25% of them are internal recipients, the rest are external recipients.  (In my last report I had 115 emails sent, with 27 internal recipients, and 88 external recipients.)

I am assuming that these are NDR's that are being sent out whenever we receive random spam, but I am not sure.

How do I view Admin email sent to external recipients so I can confirm that my Admin account is not comprimised and sending out spam?

Thank you!  =)
0
Comment
Question by:EdgeTod
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755805
Open up the Admin mailbox from OWA and check and see whats in the sent items...
0
 

Author Comment

by:EdgeTod
ID: 21755875
Thank you for the suggestion.

When I go to OWA for the admin account, the Sent Items folder is empty.  It does not appear that any of the sent emails (internal or external) are stored/logged here.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755901
Use the message tracking feature through exchange.  This will show you if any has been sent.  It will not show you what was sent (ie you wont be able to open the email)
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:EdgeTod
ID: 21959575
After looking through the message I see plenty of messages sent by my admin account that are sent to random addresses with no subject in the report header.

I assume these are NDR's to spam email that we recieve?  I can not tell though.  I would expect to see a subject in the report header.

Attached is a screenshot of one of the messages from the message tracking.

Is there a way to tell what is in the message?  Maybe have sent emails cc'd to me?
tracking.jpg
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 2000 total points
ID: 21964368
The message tracking shows just what you see it wont show you the email.  For that you need some sort of capability such as email backups or journaling.
Journaling basically stores a copy of every email send in and out of the organization.
Obviously the downside is the size of that account will grow very large.

At this point unless you have some sort of email archiving in place the only thing you can do is turn on journaling.  This wil allow you to see the contents.

I would advise running your machine for virii and change the admin password immediately.

http://technet.microsoft.com/en-us/library/aa997525.aspx
0
 

Author Comment

by:EdgeTod
ID: 21969007
Thank you.  I will try to start journaling so I can get a handle on what emails are being sent out.

I've got a virus package on it so I'll check the latest scan logs and make sure the scans are being done.

I'll also change the admin password just to make sure the backdoor is actually closed.

Thank you!
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
New style of hardware planning for Microsoft Exchange server.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question