Solved

Exchange 2010 User Mailbox Seems to be compromised

Posted on 2013-01-17
1
1,001 Views
Last Modified: 2013-01-23
I have a single user out of 100s that is getting tons of undelivered messages from our local Exchange Server. When examining the messages it indicates there were 100 intended recipients with the majority being delivered. Many foreign domains are listed. We have scanned the users  desktop and the Exchange server for viruses, but both come up clean. There is a possibility her send address is being spoofed....

I am not confident the proper logging is running to help find the issue.

Need help in investigating and resolving the issue. (I am not an Exchange experts)
0
Comment
Question by:tamray_tech
1 Comment
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 38789576
Sounds like spoofing of the sender address and the NDRs are bouncing back. Not a lot you can do about it as they are NDRs which you have to accept. If you try and block them you will get blacklisted.

I would be surprised if the mailbox was compromised, a spammer is just using the address as the from address and the rejects are coming that way. Looking at the headers may give you some clue as to the source, and ensure that it isn't your server. Your queues would be full if your server was being used as spammer's lists are not clean.

Simon.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question