We help IT Professionals succeed at work.

Figure out where e-mail is coming from verify not from inside

charles18602
charles18602 asked
on
214 Views
Last Modified: 2012-05-05
We have been getting a lot of spam built up on our mail queues, i have verified we are not a open relay and have implemented the filter reciepents who are not in ad and Tar pitting, I still have my mail queues building up with thousands of messages, last night i deleted 640000 of them, is there a way i can make sure these are not coming from a infected pc inside the company, how can i tell where they are coming from?  I can't find anyway other than a virus or something on the inside for this to happen, but i did a scan of all of the pc's and the server with our corp av program(Trend Micro) and it found nothing, i told it to scan for everything from a virus, grayware, spyware, malware and any other kind of ware i could check for but my queues are building up again i already have 11000 e-mails in the queues again.   HELP
Comment
Watch Question

Veerappan SundaramSenior Technical Consultant
CERTIFIED EXPERT

Commented:
Please post the Queue details - which queue is backed up?
           - - -
Double click the queue and click Find Now - it will show 100 messages  
Double click on any message - check the message ID - if it has any of your computer/server name, then mails are coming from that system.
If it is a random domain name, Enable the option "Send copy of non-delivery report to" with your email address under SMTP virtual server. Delete few emails with NDR.
Check the header of the original email in the NDR to check the source.

>>>> Veera.

Author

Commented:
it is the main queue, under c:\programfiles\exchsrvr\mailroot\queue
Veerappan SundaramSenior Technical Consultant
CERTIFIED EXPERT

Commented:
Open Exchange System Manager.
Navigate to the server where you have the queues.
check the queue name.

>>>> Veera.

Author

Commented:
I am not sure where you are going on this but here you go, there is 49622 queses, almost all of them say small business  smtp connector- something like aol.com etc.  some have one message some have 32000 messages, if i go in and look at them they are all being sent by no address in the company to no one we know outside.  Most of them are some stupid financial scam.  Now is there a way i can tell where these are coming from.  Can you give me anywhere to go with this.  i need to make this stop
Senior Technical Consultant
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.