Exchange 2010 User Mailbox Seems to be compromised

I have a single user out of 100s that is getting tons of undelivered messages from our local Exchange Server. When examining the messages it indicates there were 100 intended recipients with the majority being delivered. Many foreign domains are listed. We have scanned the users  desktop and the Exchange server for viruses, but both come up clean. There is a possibility her send address is being spoofed....

I am not confident the proper logging is running to help find the issue.

Need help in investigating and resolving the issue. (I am not an Exchange experts)
tamray_techAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Sounds like spoofing of the sender address and the NDRs are bouncing back. Not a lot you can do about it as they are NDRs which you have to accept. If you try and block them you will get blacklisted.

I would be surprised if the mailbox was compromised, a spammer is just using the address as the from address and the rejects are coming that way. Looking at the headers may give you some clue as to the source, and ensure that it isn't your server. Your queues would be full if your server was being used as spammer's lists are not clean.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.