Dan
asked on
email spoofed?
Not sure if someone spoofed our domain and used my Exchange server to send out tons of emails, but that's what it looks to me like happened. I have attached a screenshot of the logs from my Exchange Server 2007 SP2. For some reason, the system won't let me download them, but my Exchange server is telling me that an email address from my domain, which does exist in AD, sent out thousands of emails a few days ago.
How could this be, because no one actually has the email in question? It's just used to receive certain emails. How can I research this further to see if someone hacked into my system or to see what happened?
Any help with this will be much appreciated.
exchangeerrors.jpg
ASKER
The client IP listed is my Exchange server. That's the frustrating part: it doesn't show me the actual client (computer) IP address, but only the IP address of my Exchange server. I have Panda Antivirus on the server, and it doesn't show that it has a virus, but I'll run the scan and perhaps try a few other scans on it as well using different antivirus software.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
So for what mailbox would I deny outbound external mail?
The link you referenced was for 2003, but I have 2007 SP2 installed.
How do I set up journaling for that internal address to monitor? I'm not sure what you mean by that.
ASKER
Thanks for your help. The problem wasn't solved, but I need to close the ticket.
Since the address is good on your side, I'd expect Exchange to send it if the client is authenticated.