Solved

Exchange sending strange email. Help!

Posted on 2008-06-13
4
309 Views
Last Modified: 2010-03-06
I have a user who, according to Exchange 2003, is sending some erroneous email.

When I track these messages in Exchange, they appear to be sent to server-sa@domain.com.

The strange thing is that I don't have an account for server-sa. Plus, this user only uses OWA. When I check his email, there is no trace of emails being sent to server-sa.

What could this be and how can I resolve it?
0
Comment
Question by:lenivan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 4

Expert Comment

by:Dovinshka
ID: 21783608
Are these emails being generated on a regular basis or are they random?

You may wish to run a sniffer such as Wireshark, http://www.wireshark.org/  to capture SMTP packets and filter the results.

It could be a rogue application, malware, etc.

Dov.
0
 
LVL 2

Expert Comment

by:4eos
ID: 21783806
Possible backscatter.
0
 

Author Comment

by:lenivan
ID: 21823605
no other ideas?
0
 
LVL 4

Accepted Solution

by:
Dovinshka earned 500 total points
ID: 21827836
Have you tried to run a packet sniffer? This will tell you where traffic is being generated from. You can also filter the results to just show SMTP packets.

You may also wish to configure security auditing to see logon events at the time the email was sent.

Dov.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question