Solved

Exchange 2010 User Mailbox Seems to be compromised

Posted on 2013-01-17
1
986 Views
Last Modified: 2013-01-23
I have a single user out of 100s that is getting tons of undelivered messages from our local Exchange Server. When examining the messages it indicates there were 100 intended recipients with the majority being delivered. Many foreign domains are listed. We have scanned the users  desktop and the Exchange server for viruses, but both come up clean. There is a possibility her send address is being spoofed....

I am not confident the proper logging is running to help find the issue.

Need help in investigating and resolving the issue. (I am not an Exchange experts)
0
Comment
Question by:tamray_tech
1 Comment
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
Sounds like spoofing of the sender address and the NDRs are bouncing back. Not a lot you can do about it as they are NDRs which you have to accept. If you try and block them you will get blacklisted.

I would be surprised if the mailbox was compromised, a spammer is just using the address as the from address and the rejects are coming that way. Looking at the headers may give you some clue as to the source, and ensure that it isn't your server. Your queues would be full if your server was being used as spammer's lists are not clean.

Simon.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now