Exchange sending strange email. Help!

I have a user who, according to Exchange 2003, is sending some erroneous email.

When I track these messages in Exchange, they appear to be sent to server-sa@domain.com.

The strange thing is that I don't have an account for server-sa. Plus, this user only uses OWA. When I check his email, there is no trace of emails being sent to server-sa.

What could this be and how can I resolve it?
lenivanAsked:
Who is Participating?
 
DovinshkaCommented:
Have you tried to run a packet sniffer? This will tell you where traffic is being generated from. You can also filter the results to just show SMTP packets.

You may also wish to configure security auditing to see logon events at the time the email was sent.

Dov.
0
 
DovinshkaCommented:
Are these emails being generated on a regular basis or are they random?

You may wish to run a sniffer such as Wireshark, http://www.wireshark.org/  to capture SMTP packets and filter the results.

It could be a rogue application, malware, etc.

Dov.
0
 
4eosCommented:
Possible backscatter.
0
 
lenivanAuthor Commented:
no other ideas?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.