
How do I find out where in the network an email originated from

Posted on 2011-09-16
Last Modified: 2012-05-12
Hi all,
Of late I have been having a problem: one of the users in my network has been receiving delivery failure messages, yet he hasn't sent any emails out. Even when his computer is off, messages are still being sent from his account. I am able to find the emails in the Message Tracking Center in the Exchange System Manager. Is there a way of tracking the specific location in the network that the email originated from?
Question by:Petersennik
1 Comment
 
Accepted Solution

by: netjgrnaut
Are you sure you're finding the original *outbound* email in the MT, and not just the inbound NDRs (which correspond to the messages your user is showing you)?

This sort of thing is most often the result of spam being sent from other systems with a forged Reply-To or <MailFrom> address in the header. This results in NDRs being sent to random people (instead of clogging up the spamming host with return traffic it doesn't care about).

If that's the case, there's virtually no way to determine the origin of the messages with the forged Reply-To.  If you're lucky, you'll get an NDR with a detailed SMTP transcript in the body.  If you get one of those, let me know...

Other than that, you can bet that this is the result of:
a) a machine not even on your network that has been infected with malware, where the machine user has *your* user's email address on file.
...or...
b) the result of your user's email address having been harvested (or stolen) from some web form somewhere - where the data was entered by your user (to sign up for something, or whatever).

Either way, you're probably not looking at a root cause you can do anything about.
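
When an NDR does return a copy of the original message or its headers, the Received chain in that copy can be compared against your own address ranges to confirm whether the message ever passed through your servers. The following is an added example, not part of the original answer; `trace_ndr`, the sample NDR and the address ranges are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_bytes, message_from_string, policy
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_original(ndr):
    """Find the bounced message (or just its headers) attached to the NDR."""
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_content(), policy=policy.default)
    return None  # the NDR carried no copy of the original: nothing to trace

def is_own(ip, nets):
    try:
        return any(ipaddress.ip_address(ip) in net for net in nets)
    except ValueError:  # matched the regex but is not a valid address
        return False

def trace_ndr(raw_ndr, own_networks):
    original = returned_original(message_from_bytes(raw_ndr, policy=policy.default))
    if original is None:
        return None
    nets = [ipaddress.ip_network(n) for n in own_networks]
    hops = []
    # Each relay prepends its Received line, so reversed() starts nearest the
    # origin. Lines added before the first server you trust can be forged.
    for hdr in reversed(original.get_all("Received", [])):
        hops += BRACKETED_IP.findall(str(hdr))
    return {"claimed_from": str(original.get("From", "")), "hops": hops,
            "own_hops": [ip for ip in hops if is_own(ip, nets)]}

# Constructed, trimmed sample NDR (documentation addresses only).
SAMPLE_NDR = b"""\
From: MAILER-DAEMON@mx.remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

550 5.1.1 unknown recipient
--b1
Content-Type: text/rfc822-headers

Received: from pc ([203.0.113.77]) by mx.remote.example; Fri, 16 Sep 2011 09:00:00 +0000
From: user@corp.example
--b1--
"""
```

Calling `trace_ndr(SAMPLE_NDR, ["192.0.2.0/24"])` returns an empty `own_hops` list: no relay recorded in the bounced message falls inside the listed ranges, even though the claimed sender is a local user.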