Solved

Figure out where e-mail is coming from verify not from inside

Posted on 2008-10-02
5
180 Views
Last Modified: 2012-05-05
We have been getting a lot of spam built up on our mail queues, i have verified we are not a open relay and have implemented the filter reciepents who are not in ad and Tar pitting, I still have my mail queues building up with thousands of messages, last night i deleted 640000 of them, is there a way i can make sure these are not coming from a infected pc inside the company, how can i tell where they are coming from?  I can't find anyway other than a virus or something on the inside for this to happen, but i did a scan of all of the pc's and the server with our corp av program(Trend Micro) and it found nothing, i told it to scan for everything from a virus, grayware, spyware, malware and any other kind of ware i could check for but my queues are building up again i already have 11000 e-mails in the queues again.   HELP
0
Comment
Question by:charles18602
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:Veerappan Sundaram
ID: 22627728
Please post the Queue details - which queue is backed up?
           - - -
Double click the queue and click Find Now - it will show 100 messages  
Double click on any message - check the message ID - if it has any of your computer/server name, then mails are coming from that system.
If it is a random domain name, Enable the option "Send copy of non-delivery report to" with your email address under SMTP virtual server. Delete few emails with NDR.
Check the header of the original email in the NDR to check the source.

>>>> Veera.
0
 
LVL 1

Author Comment

by:charles18602
ID: 22634221
it is the main queue, under c:\programfiles\exchsrvr\mailroot\queue
0
 
LVL 9

Expert Comment

by:Veerappan Sundaram
ID: 22634296
Open Exchange System Manager.
Navigate to the server where you have the queues.
check the queue name.

>>>> Veera.
0
 
LVL 1

Author Comment

by:charles18602
ID: 22638979
I am not sure where you are going on this but here you go, there is 49622 queses, almost all of them say small business  smtp connector- something like aol.com etc.  some have one message some have 32000 messages, if i go in and look at them they are all being sent by no address in the company to no one we know outside.  Most of them are some stupid financial scam.  Now is there a way i can tell where these are coming from.  Can you give me anywhere to go with this.  i need to make this stop
0
 
LVL 9

Accepted Solution

by:
Veerappan Sundaram earned 500 total points
ID: 22649721
Enable SMTP logging on the server where you have these queues.
To enable SMTP loggin:
1. open Exchange system Manager
2. Expand Administrative groups
3. Expand respective administrative group.
4. Expand Servers.
5. Expand Server Name.
6. Expand Protocol
7. Expand SMTP
8. Go to properties of SMTP virtual server.
9. under the General Page, Check "Enable Logging"
10. Click on Properties.
11. click on Advanced.
12. Enable all the entities.
13. Apply and ok.

Type "Logfiles" in RUN command to open the log directory.
Open SMTPSVC1 folder.
Analyze the logs to get a clue to fix your issue.

>>>> Veera.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Re-enable a Shared Mailbox Exchange 2013 CU 9 1 22
New-MoveRequest Exchange 2010 Powershell 1 39
Exchange management shell 5 35
EXCHANGE, OUTLOOK, CALENDAR 12 31
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In-place Upgrading Dirsync to Azure AD Connect
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question