Solved

Internal email message gets sent to unknown recipient outside the company

Posted on 2013-06-20
Last Modified: 2013-07-08
This is a very weird situation.  This is a Microsoft Exchange Server 2003 Small Business server with Microsoft Outlook 2007 clients.  There are five employees.  Employee A sent an email to the other four people with a nice quote to start the day.  A few days later, Employee A got an email from an unknown person at a reputable consulting company saying thanks for the kind words.  Employee A didn't know who this person was.

When we look at the email in her sent items which was sent at 7:39am on Tuesday, only the four employees are in the To line and no one is CC'd or Bcc'd.  The response from the unknown party included the original message and it has the same date and time but this person's email address is included as a fifth recipient.  I double checked Employee A's sent items and this unknown person is NOT on the To: list.

Message tracking was not turned on with this server.  Ugh.  I checked everyone's rules and there are no auto-forwarding rules ... actually no rules of any sort.  I am at a loss as to how this person magically became a recipient when the original email doesn't include her at all.  There is anti-malware on all clients and the server.  The server checks out fine.
Question by:Steve Bantz
5 Comments
 
LVL 42

Accepted Solution

by:
Amit earned 225 total points
ID: 39263450
Enable the advanced logging with options like client IP.
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

That can show from which client it is being generated.
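Once SMTP logging is on, the log can be searched for sessions that named a recipient outside the company, together with the client IP that issued the command. The sketch below is an added example, not part of the answer above or the linked article; it assumes W3C extended logging with the c-ip, cs-method and cs-uri-query fields enabled, and the log lines, addresses and the example.com local domain are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, W3C extended format; addresses, IPs and field selection are made up.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2013-06-18 11:39:02 192.168.16.21 EHLO +ws-a.example.local 250
2013-06-18 11:39:02 192.168.16.21 MAIL +FROM:<employee.a@example.com> 250
2013-06-18 11:39:02 192.168.16.21 RCPT +TO:<employee.b@example.com> 250
2013-06-18 11:39:03 192.168.16.21 RCPT +TO:<stranger@consulting.example.net> 250
2013-06-18 11:39:03 192.168.16.21 DATA - 250
2013-06-18 12:05:10 192.168.16.34 MAIL +FROM:<employee.c@example.com> 250
2013-06-18 12:05:10 192.168.16.34 RCPT +TO:<employee.a@example.com> 250
"""

ADDR = re.compile(r"<([^<>@\s]+@[^<>\s]+)>")


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the latest #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header can change mid-file after a restart
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))


def external_recipients(text, local_domains):
    """Map each non-local RCPT TO address to (date, time, client IP, sender) tuples."""
    local = {d.lower() for d in local_domains}
    last_sender = {}  # client IP -> most recent MAIL FROM (approximates one session)
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        verb = rec.get("cs-method", "").upper()
        ip = rec.get("c-ip", "?")
        m = ADDR.search(rec.get("cs-uri-query", ""))
        if verb == "MAIL":
            last_sender[ip] = m.group(1).lower() if m else "<>"
        elif verb == "RCPT" and m:
            addr = m.group(1).lower()
            if addr.rsplit("@", 1)[1] not in local:
                hits[addr].append((rec.get("date"), rec.get("time"), ip, last_sender.get(ip, "?")))
    return dict(hits)


if __name__ == "__main__":
    for addr, seen in external_recipients(SAMPLE_LOG, ["example.com"]).items():
        print(addr, seen)
```

This only sees mail that crossed the SMTP service; Outlook clients talking MAPI to Exchange do not submit over SMTP, so compare the client IP of any hit against the hosts you expect to be sending.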
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 75 total points
ID: 39264183
Without message tracking it is almost impossible to know what has happened here. Has anyone in the company had dealings with that other party at all?
Simon.
 

Author Comment

by:Steve Bantz
ID: 39264219
I have enabled message tracking now but of course it won't do me any good unless it happens again.  No one knows this person.  I even checked the original sender's outlook.nk2 file and the email address in question is not in there either.  I just have to think it is something that happened with the Exchange server since the address doesn't appear in the original message. It just appears that the address was added AFTER it left the local Outlook client and hit the Exchange server.  There are no open relays or anything like that, but that shouldn't matter.  Somehow, an address was appended to an outgoing email that the sender didn't put in there.  :)

The person outside the company who received the email was from a reputable firm so I don't have any reason to believe malware is involved.  I am just trying to figure out how something like this could even happen.  The company is nervous now so I have to come to some sort of conclusion.
 
LVL 42

Expert Comment

by:Amit
ID: 39264234
Check with the ISP; they might be able to track something for you.
 

Author Comment

by:Steve Bantz
ID: 39308501
Nothing was found out on this after the fact.  I have turned on message tracking in case this happens again.  I have never seen this before and I have been doing this for 15 years.
