Link to home
Start Free TrialLog in
Avatar of charles18602
charles18602Flag for United States of America

asked on

Figure out where e-mail is coming from verify not from inside

We have been getting a lot of spam built up on our mail queues, i have verified we are not a open relay and have implemented the filter reciepents who are not in ad and Tar pitting, I still have my mail queues building up with thousands of messages, last night i deleted 640000 of them, is there a way i can make sure these are not coming from a infected pc inside the company, how can i tell where they are coming from?  I can't find anyway other than a virus or something on the inside for this to happen, but i did a scan of all of the pc's and the server with our corp av program(Trend Micro) and it found nothing, i told it to scan for everything from a virus, grayware, spyware, malware and any other kind of ware i could check for but my queues are building up again i already have 11000 e-mails in the queues again.   HELP
Avatar of Veerappan Sundaram
Veerappan Sundaram
Flag of India image
Please post the Queue details - which queue is backed up?
           - - -
Double click the queue and click Find Now - it will show 100 messages  
Double click on any message - check the message ID - if it has any of your computer/server name, then mails are coming from that system.
If it is a random domain name, Enable the option "Send copy of non-delivery report to" with your email address under SMTP virtual server. Delete few emails with NDR.
Check the header of the original email in the NDR to check the source.

>>>> Veera.
Avatar of charles18602
charles18602
Flag of United States of America image

ASKER

it is the main queue, under c:\programfiles\exchsrvr\mailroot\queue
Avatar of Veerappan Sundaram
Veerappan Sundaram
Flag of India image
Open Exchange System Manager.
Navigate to the server where you have the queues.
check the queue name.

>>>> Veera.
Avatar of charles18602
charles18602
Flag of United States of America image

ASKER

I am not sure where you are going on this but here you go, there is 49622 queses, almost all of them say small business  smtp connector- something like aol.com etc.  some have one message some have 32000 messages, if i go in and look at them they are all being sent by no address in the company to no one we know outside.  Most of them are some stupid financial scam.  Now is there a way i can tell where these are coming from.  Can you give me anywhere to go with this.  i need to make this stop
ASKER CERTIFIED SOLUTION
Avatar of Veerappan Sundaram
Veerappan Sundaram
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial