Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How do I view Admin email sent externally?

Posted on 2008-06-10
6
227 Views
Last Modified: 2011-10-19
I am running SBS2003 with Exchange.  Whenever I recieve my Server Usage Report I notice that the Administrator account sends out 100-150 emails, but only about 25% of them are internal recipients, the rest are external recipients.  (In my last report I had 115 emails sent, with 27 internal recipients, and 88 external recipients.)

I am assuming that these are NDR's that are being sent out whenever we receive random spam, but I am not sure.

How do I view Admin email sent to external recipients so I can confirm that my Admin account is not comprimised and sending out spam?

Thank you!  =)
0
Comment
Question by:EdgeTod
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755805
Open up the Admin mailbox from OWA and check and see whats in the sent items...
0
 

Author Comment

by:EdgeTod
ID: 21755875
Thank you for the suggestion.

When I go to OWA for the admin account, the Sent Items folder is empty.  It does not appear that any of the sent emails (internal or external) are stored/logged here.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21755901
Use the message tracking feature through exchange.  This will show you if any has been sent.  It will not show you what was sent (ie you wont be able to open the email)
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:EdgeTod
ID: 21959575
After looking through the message I see plenty of messages sent by my admin account that are sent to random addresses with no subject in the report header.

I assume these are NDR's to spam email that we recieve?  I can not tell though.  I would expect to see a subject in the report header.

Attached is a screenshot of one of the messages from the message tracking.

Is there a way to tell what is in the message?  Maybe have sent emails cc'd to me?
tracking.jpg
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 500 total points
ID: 21964368
The message tracking shows just what you see it wont show you the email.  For that you need some sort of capability such as email backups or journaling.
Journaling basically stores a copy of every email send in and out of the organization.
Obviously the downside is the size of that account will grow very large.

At this point unless you have some sort of email archiving in place the only thing you can do is turn on journaling.  This wil allow you to see the contents.

I would advise running your machine for virii and change the admin password immediately.

http://technet.microsoft.com/en-us/library/aa997525.aspx
0
 

Author Comment

by:EdgeTod
ID: 21969007
Thank you.  I will try to start journaling so I can get a handle on what emails are being sent out.

I've got a virus package on it so I'll check the latest scan logs and make sure the scans are being done.

I'll also change the admin password just to make sure the backdoor is actually closed.

Thank you!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question