How to log MAPI connections to Exchange 2003 ?
Posted on 2011-09-23
Environment summary: SBS 2003 (2 NICs configuration) SP2, Windows XP SP3, Outlook 2007 SP2
One of our client computers seems to be infected with some malware, causing the computer to send spam.
We use our ISP mail relay and we have been prevented to send emails after some spams were sent from our IP address.
We've run an extra antivirus scan on our computers (we use Trend Micro).
From time to time, I do see a batch of spam ending in our Exchange queues.
I've turned on some diagnostic/logging options in Exchange 2003, but it does not seem to log the information that I am looking for: who is connecting to Exchange to submit the spam. I would like to be able to correlate the spams I see in the queues with the name or IP address of the computer that actually sent the spams.