Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1070
  • Last Modified:

Exchange 2010 User Mailbox Seems to be compromised

I have a single user out of 100s that is getting tons of undelivered messages from our local Exchange Server. When examining the messages it indicates there were 100 intended recipients with the majority being delivered. Many foreign domains are listed. We have scanned the users  desktop and the Exchange server for viruses, but both come up clean. There is a possibility her send address is being spoofed....

I am not confident the proper logging is running to help find the issue.

Need help in investigating and resolving the issue. (I am not an Exchange experts)
0
tamray_tech
Asked:
tamray_tech
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Sounds like spoofing of the sender address and the NDRs are bouncing back. Not a lot you can do about it as they are NDRs which you have to accept. If you try and block them you will get blacklisted.

I would be surprised if the mailbox was compromised, a spammer is just using the address as the from address and the rejects are coming that way. Looking at the headers may give you some clue as to the source, and ensure that it isn't your server. Your queues would be full if your server was being used as spammer's lists are not clean.

Simon.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now