dougb9429
asked on
High volume of outgoing emails being relayed through Exchange
Hi there, we have a HUGE amount of email (which I've only just noticed) being sent out through our client's exchange server.
I logged into OWA, and noticed there was arround 40000 emails in the inbox, nearly all of them were bouncebacks from various people. I then checked Exchange tracking centre, and its just spewing out loads of emails.
I'm pretty sure open relay isn't enabled on the server, as I've compared the config with another SBS server.
is there anyway I can track where these emails are being sent from? Perhaps they are coming from a client with a virus on.
I'm surprised they haven't been blacklisted...
ANy help would be much appreciated.
I logged into OWA, and noticed there was arround 40000 emails in the inbox, nearly all of them were bouncebacks from various people. I then checked Exchange tracking centre, and its just spewing out loads of emails.
I'm pretty sure open relay isn't enabled on the server, as I've compared the config with another SBS server.
is there anyway I can track where these emails are being sent from? Perhaps they are coming from a client with a virus on.
I'm surprised they haven't been blacklisted...
ANy help would be much appreciated.
ASKER
Hi there, thanks for your reply.
Is there any way I can check the headers of the emails that have been sent out? Either thru OWA or through Exchange??
I will kick off a scan straight away.
Is there any way I can check the headers of the emails that have been sent out? Either thru OWA or through Exchange??
I will kick off a scan straight away.
Hi
Have you enabled e-mail journalling at all ? if so this would keep a copy of everything that was sent ?
Do you use a hosted anti spam solution or similar e.g. e-mailsystems ?
Have you enabled e-mail journalling at all ? if so this would keep a copy of everything that was sent ?
Do you use a hosted anti spam solution or similar e.g. e-mailsystems ?
ASKER
No journaling isn't enabled...
And no, we use GFI Mail Essentials for anti spam.
I suppose if I enable journaling now, it will still pick up email, then I guess I could read the headers of that?
And no, we use GFI Mail Essentials for anti spam.
I suppose if I enable journaling now, it will still pick up email, then I guess I could read the headers of that?
ASKER
I've enabled journaling, and it's picking up other emails, but all the emails being sent from the administrator account are not being journaled, despite them all showing in the exchange tracking centre.
What version of exchange are you running and how have you enabled journalling ?
(sorry but dependent on the version there are a few ways to do it).
Also can you see if the mails are being sent from one account ? if so is it possible to disable that account's mailbox whilst the problem is diagnosed.
(sorry but dependent on the version there are a few ways to do it).
Also can you see if the mails are being sent from one account ? if so is it possible to disable that account's mailbox whilst the problem is diagnosed.
ASKER
It's 2003 on an SBS Server (SP2)
I set up a new user for journaling, right clicked on the mailbox store, and selected archive sent/received messages.
The account is actually the administrator account. It has a secondary email called postmaster@ and all the emails are being sent from there.
I set up a new user for journaling, right clicked on the mailbox store, and selected archive sent/received messages.
The account is actually the administrator account. It has a secondary email called postmaster@ and all the emails are being sent from there.
Did you find anything from the e-mail headers which indicates the sender/recipient of mail sent/received ?
Have you checked your 2003 server to ensure its not a relay?
I'd also consider enabling advanced journaling to cover BCC, Distribution lists etc
http://www.microsoft.com/downloads/details.aspx?familyid=e7f73f10-7933-40f3-b07e-ebf38df3400d&displaylang=en
Have you checked your 2003 server to ensure its not a relay?
I'd also consider enabling advanced journaling to cover BCC, Distribution lists etc
http://www.microsoft.com/downloads/details.aspx?familyid=e7f73f10-7933-40f3-b07e-ebf38df3400d&displaylang=en
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
After uninstalling and reinstalling GFI it seemed to work! Thanks for putting me on the right track!
Check the e-mail headers - http://www.stopspam.org/email/headers.html
Do you have e-mail antivirus client for outlook or similar - might be worth a scan..