Solved

How do I view Admin email sent externally?

Posted on 2008-06-10
6
241 Views
Last Modified: 2011-10-19
I am running SBS2003 with Exchange.  Whenever I recieve my Server Usage Report I notice that the Administrator account sends out 100-150 emails, but only about 25% of them are internal recipients, the rest are external recipients.  (In my last report I had 115 emails sent, with 27 internal recipients, and 88 external recipients.)

I am assuming that these are NDR's that are being sent out whenever we receive random spam, but I am not sure.

How do I view Admin email sent to external recipients so I can confirm that my Admin account is not comprimised and sending out spam?

Thank you!  =)
0
Comment
Question by:EdgeTod
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755805
Open up the Admin mailbox from OWA and check and see whats in the sent items...
0
 

Author Comment

by:EdgeTod
ID: 21755875
Thank you for the suggestion.

When I go to OWA for the admin account, the Sent Items folder is empty.  It does not appear that any of the sent emails (internal or external) are stored/logged here.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755901
Use the message tracking feature through exchange.  This will show you if any has been sent.  It will not show you what was sent (ie you wont be able to open the email)
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:EdgeTod
ID: 21959575
After looking through the message I see plenty of messages sent by my admin account that are sent to random addresses with no subject in the report header.

I assume these are NDR's to spam email that we recieve?  I can not tell though.  I would expect to see a subject in the report header.

Attached is a screenshot of one of the messages from the message tracking.

Is there a way to tell what is in the message?  Maybe have sent emails cc'd to me?
tracking.jpg
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 500 total points
ID: 21964368
The message tracking shows just what you see it wont show you the email.  For that you need some sort of capability such as email backups or journaling.
Journaling basically stores a copy of every email send in and out of the organization.
Obviously the downside is the size of that account will grow very large.

At this point unless you have some sort of email archiving in place the only thing you can do is turn on journaling.  This wil allow you to see the contents.

I would advise running your machine for virii and change the admin password immediately.

http://technet.microsoft.com/en-us/library/aa997525.aspx
0
 

Author Comment

by:EdgeTod
ID: 21969007
Thank you.  I will try to start journaling so I can get a handle on what emails are being sent out.

I've got a virus package on it so I'll check the latest scan logs and make sure the scans are being done.

I'll also change the admin password just to make sure the backdoor is actually closed.

Thank you!
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question