Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 User Mailbox Seems to be compromised

Posted on 2013-01-17
1
Medium Priority
?
1,061 Views
Last Modified: 2013-01-23
I have a single user out of 100s that is getting tons of undelivered messages from our local Exchange Server. When examining the messages it indicates there were 100 intended recipients with the majority being delivered. Many foreign domains are listed. We have scanned the users  desktop and the Exchange server for viruses, but both come up clean. There is a possibility her send address is being spoofed....

I am not confident the proper logging is running to help find the issue.

Need help in investigating and resolving the issue. (I am not an Exchange experts)
0
Comment
Question by:tamray_tech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 38789576
Sounds like spoofing of the sender address and the NDRs are bouncing back. Not a lot you can do about it as they are NDRs which you have to accept. If you try and block them you will get blacklisted.

I would be surprised if the mailbox was compromised, a spammer is just using the address as the from address and the rejects are coming that way. Looking at the headers may give you some clue as to the source, and ensure that it isn't your server. Your queues would be full if your server was being used as spammer's lists are not clean.

Simon.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question