Solved

How do I identify where local outgoing SPAM may be coming from in the SBS 2003 Exchange administrator interface?

Posted on 2009-05-06
Last Modified: 2012-05-06
I have a couple of clients using SBS 2003 with Exchange and when I look at the queues in the Exchange admin I am seeing SMTP connectors to foreign domains (i.e. .it, .fr, .ru, etc.) and I know it is SPAM.

I found articles on how to freeze the connections and remove them but what I need to figure out is how to identify which machine(s) they are originating from. I have run AV and rootkit scans on the PCs but have found nothing, so I am hoping that Exchange will let me know where the emails are coming from.

Thanks in advance for any help and suggestions!

Question by:shibumi1224
3 Comments
 
LVL 2

Expert Comment

by:chris_shaw
ID: 24317621
You could temporarily turn on Archiving (in the Mailbox Store properties). Create a dummy account (called Archive or suchlike) and set archiving of all emails to go to this account. Then log on to the account (or use OWA) and check the copy of Sent emails. When you have determined where the spam is coming from, turn off archiving and delete the account.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24320113
If you are seeing the messages in your queues, then the email is not coming from inside your network.

This blog posting identifies if the spam originated from inside your network:
http://blog.sembee.co.uk/archive/2009/02/28/93.aspx

This explains what has actually happened.
http://blog.sembee.co.uk/archive/2008/03/13/73.aspx

Looking at the spam is a pointless exercise as it will be bounced off another system. You just need to close the gap and then clean out the queues.

Simon.
0
 

Author Comment

by:shibumi1224
ID: 24337482
Thanks guys... I will work on this over the weekend to see if I can isolate the issue. Will let you know if your suggestions work...
0
