charles18602
asked on
Figure out where e-mail is coming from verify not from inside
We have been getting a lot of spam built up on our mail queues, i have verified we are not a open relay and have implemented the filter reciepents who are not in ad and Tar pitting, I still have my mail queues building up with thousands of messages, last night i deleted 640000 of them, is there a way i can make sure these are not coming from a infected pc inside the company, how can i tell where they are coming from? I can't find anyway other than a virus or something on the inside for this to happen, but i did a scan of all of the pc's and the server with our corp av program(Trend Micro) and it found nothing, i told it to scan for everything from a virus, grayware, spyware, malware and any other kind of ware i could check for but my queues are building up again i already have 11000 e-mails in the queues again. HELP
ASKER
it is the main queue, under c:\programfiles\exchsrvr\m ailroot\qu eue
Open Exchange System Manager.
Navigate to the server where you have the queues.
check the queue name.
>>>> Veera.
Navigate to the server where you have the queues.
check the queue name.
>>>> Veera.
ASKER
I am not sure where you are going on this but here you go, there is 49622 queses, almost all of them say small business smtp connector- something like aol.com etc. some have one message some have 32000 messages, if i go in and look at them they are all being sent by no address in the company to no one we know outside. Most of them are some stupid financial scam. Now is there a way i can tell where these are coming from. Can you give me anywhere to go with this. i need to make this stop
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
- - -
Double click the queue and click Find Now - it will show 100 messages
Double click on any message - check the message ID - if it has any of your computer/server name, then mails are coming from that system.
If it is a random domain name, Enable the option "Send copy of non-delivery report to" with your email address under SMTP virtual server. Delete few emails with NDR.
Check the header of the original email in the NDR to check the source.
>>>> Veera.