[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

How do I view Admin email sent externally?

I am running SBS2003 with Exchange.  Whenever I recieve my Server Usage Report I notice that the Administrator account sends out 100-150 emails, but only about 25% of them are internal recipients, the rest are external recipients.  (In my last report I had 115 emails sent, with 27 internal recipients, and 88 external recipients.)

I am assuming that these are NDR's that are being sent out whenever we receive random spam, but I am not sure.

How do I view Admin email sent to external recipients so I can confirm that my Admin account is not comprimised and sending out spam?

Thank you!  =)
0
EdgeTod
Asked:
EdgeTod
  • 3
  • 3
1 Solution
 
ryansotoCommented:
Open up the Admin mailbox from OWA and check and see whats in the sent items...
0
 
EdgeTodAuthor Commented:
Thank you for the suggestion.

When I go to OWA for the admin account, the Sent Items folder is empty.  It does not appear that any of the sent emails (internal or external) are stored/logged here.
0
 
ryansotoCommented:
Use the message tracking feature through exchange.  This will show you if any has been sent.  It will not show you what was sent (ie you wont be able to open the email)
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
EdgeTodAuthor Commented:
After looking through the message I see plenty of messages sent by my admin account that are sent to random addresses with no subject in the report header.

I assume these are NDR's to spam email that we recieve?  I can not tell though.  I would expect to see a subject in the report header.

Attached is a screenshot of one of the messages from the message tracking.

Is there a way to tell what is in the message?  Maybe have sent emails cc'd to me?
tracking.jpg
0
 
ryansotoCommented:
The message tracking shows just what you see it wont show you the email.  For that you need some sort of capability such as email backups or journaling.
Journaling basically stores a copy of every email send in and out of the organization.
Obviously the downside is the size of that account will grow very large.

At this point unless you have some sort of email archiving in place the only thing you can do is turn on journaling.  This wil allow you to see the contents.

I would advise running your machine for virii and change the admin password immediately.

http://technet.microsoft.com/en-us/library/aa997525.aspx
0
 
EdgeTodAuthor Commented:
Thank you.  I will try to start journaling so I can get a handle on what emails are being sent out.

I've got a virus package on it so I'll check the latest scan logs and make sure the scans are being done.

I'll also change the admin password just to make sure the backdoor is actually closed.

Thank you!
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now