Solved

Exchange 2003 sending bogus emails

Posted on 2011-09-20
3
293 Views
Last Modified: 2012-05-12
What is the best way to troubleshoot my Exchange 2003 server that is sending out a TON of bogus emails?  I have enabled message tracking and it looks like something is having a great time. :(  Any help to troubleshoot and narrow this down would be great.  I have run an AV scan on the server and came back clean.
0
Comment
Question by:JJMarquart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 36570886
0
 

Author Comment

by:JJMarquart
ID: 36571191
Awesome!  I think I am on the right track.  I have added the sender and recipient filtering and enabled the filter on the virtual SMTP server.  My event log is still recording alot of stuff outlined below.  I disabled the account I found in event viewer that was authenticating and sending email.  Any other tips on the info below would be awesome!

taurshen@ms16.hinet.net      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      ping6677g@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      intermet.tw@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      sugar_honey0913@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      ginny19900505@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      uendy29@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      yiling2247@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      e8229540@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      joanna910818@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      xyzmocha@yahoo.com.tw      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -
2011-9-21      2:1:27 GMT      99.159.239.145      vibwzh.com      -      SERVER      192.168.2.10      qkmjy1oqwde3kx@ms10.hinet.net      1030      a7d7b9ab5b004890b42a175c4bbe96a5@cb9c60fb073e420f9d6b9ffe40886c30      3      0      2774      11      2011-9-14 12:31:22 GMT      0      Version: 6.0.3790.4675      -       =?BIG5?B?WWFob28hqV+8r6nnveYgsN3DRKFHam5lZGliLHByanl6bg==?=      ofkef@pfld.com      -

2011-9-21      2:1:27 GMT      -      -      -      SERVER      -      ugeqz@yahoo.com.tw      1025      I9IJsaJbq00009145@ourdomain.com      0      0      4876      1      -      0      Version: 6.0.3790.4675      -      Delivery Status Notification (Failure)      postmaster@ourdomain.com      -

2011-9-21      2:1:27 GMT      -      -      -      SERVER      -      ugeqz@yahoo.com.tw      1025      9RQAOCop300007e42@ourdomain.com      0      0      5480      1      -      0      Version: 6.0.3790.4675      -      Delivery Status Notification (Failure)      postmaster@ourdomain.com      -

2011-9-21      2:1:27 GMT      -      -      -      SERVER      -      ugeqz@yahoo.com.tw      1024
0
 

Author Closing Comment

by:JJMarquart
ID: 36588161
NM got it.  Just had to clear out the que.  Thanks!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question